Our News

Security risk reviews should be externally validated

29 November 2019

Security risk reviews should be externally validated

Every safe deposit business should undergo external security risk assessments according to Christopher Barrow of Metropolitan Safe Custody.

Keeping safe deposit boxes secure from attack or fraud requires many different layers of physical security with integrated systems, technologies and processes. It is well-known in the military world that security should incorporate multiple layers of defence in order to resist rapid penetration by an attacker. Similarly, the IT industry talks about ‘layered security’ to prevent hackers from gaining unauthorised access to information systems and data.

The same philosophy or strategy should apply to safe deposit vaults and strong rooms. The existence of multiple layers is designed to mitigate the threat resulting from a single point of weakness. A classic example is interlocking doors with an airlock, allowing controlled entry through the first door that must close before the individual can pass through the second door. This not only prevents piggybacking and tailgating, but also, at the very least, delays the intrusion of an attacker.

In order to assess its own security infrastructure and methodologies, a safe deposit business should subject itself to regular internal and periodic external security risk audits. This should be in the form of a systematic on-site analysis and risk assessment of all security aspects. The scope of an external survey should include a thorough understanding of the company structure and organisation, business policies, culture and working practices. It should evaluate the threats and risks to the business and its staff, especially in terms of armed robbery and burglary. It should cover the physical security of the vault and surrounding areas, technology equipment such as surveillance and alarm systems, operational procedures, facilities, staff recruitment and training.

An external audit should be carried out by a professional security consultant with specialist knowledge and expertise of the specific industry. Recommendations should be graded based on the level of risk, with any severe vulnerability (that represents a major business risk) requiring immediate preventative action.

A safe deposit business, or any high-security firm, should only be satisfied once an excellent standard of security has been externally validated. The premises should provide modern security risk mitigation with top-quality physical, technical and procedural security supported by well-trained staff. The building infrastructure should use materials that conform to international, high-security standards with respect to ballistic and manual attack protection. The vault itself should incorporate protection against core drilling and explosives.

The premises should have more than one overlapping intruder alarm system, each of which should be monitored by separate alarm receiving centres using different signalling technologies. CCTV coverage should be extensive, covering both the external and internal areas of the building. The cameras should be monitored in the control room and, in a perfect world, should be accessed by other branches of the same business. The CCTV system should be accessed and monitored remotely out of hours.

When customers are informed that a safe deposit vault is certified in accordance with international standards or, for that matter, the doors have passed a Grade VIII or IX or X explosive and core drill test, very few would understand the value of this information. These certifications simply confirm that the products have passed some form of performance and quality assurance tests. These are important, but they tell only part of the story. When a vault is open for business, the strength of a vault door is somewhat academic. Even when closed, product certification is meaningless if systems and operational procedures are below par.

Another underrated factor is the quality of staff. Physical strength, sophisticated systems and comprehensive operational procedures are only secure if a business has high-quality and well-trained staff. In the UK, the safe deposit industry is regulated for anti-money laundering (AML) and counter-terrorism purposes. Understanding the importance of KYC (Know Your Customer) is critical to the smooth management and commercial viability of a business. Any firm involved in acting as a custodian of high-value items on behalf of customers should employ smart, motivated and disciplined employees. It is those employees who ensure that, not only the customers receive an efficient and friendly service, but that law-abiding individuals become customers in the first place.

So, security is a complex process that requires substantial investment in sophisticated systems and the highest professional standards of business practice. Trust can take a long time to build, but it is very easy to destroy. Customers storing their belongings in a vault should carry out their own due diligence to satisfy themselves that their hard-earned or inherited valuables are in safe hands. Whilst safe deposit businesses need to preserve the confidentiality of their security arrangements, there is no reason why customers should not ask whether any external security risk reviews have been carried out in recent years.

This site uses cookies as described in our Cookie Policy here. If you agree to our use of cookies, please continue to use our site. You may opt out of cookies by clicking here.