View
4
Download
0
Category
Preview:
Citation preview
2017 Southeastern Safety and Security Healthcare Council Conference
Building and Opening a Central Security Operations Center (SOC)
Captain Aaron Roberts, CHPA
Manager, Public Safety
Novant Health
2019 Southeastern Safety and Security Healthcare Council Conference
2
Agenda• Introduction• Need for a Security Operations Center
(SOC)• Components of an effective SOC• Q/A
Questions that should be asked about Command Center Design and Operation
1). How does any technology that I might deploy in the SOC improve operator communication, decision-making and responsiveness?
2). What are the roles of our operators?
3). What are the capabilities of my command center?
Why do you need a SOC?
• because cameras and Officers are
not enough
• To consolidate all security operations
that will provide continuous
• prevention
• protection
• detection and
• response capabilities against threats,
remotely exploitable vulnerabilities,
and real-time incidents creating a
comprehensive infrastructure for managing security operations
• The Security Operations Center (SOC) effort should include:
• Centralization and standardization of all Security monitoring responsibilities for all facilities and locations into an Operations center
• Standardization and/or consolidation of all Security 2‐way radio communications
• Alarm/duress/panic monitoring and response
• Infant Protection monitoring
• CCTV monitoring
5
– Access control applications
– Parking Lot Call Boxes
– Elevator Emergency call boxes
– Medical Gas and Generating Monitoring
– Code Blue Monitoring.
• Major Tasks
– Determine requirements for furniture, facility infrastructure, end user hardware, and software applications.
– Coordinate design, configuration and installation of infrastructure components
– Coordinate configuration and installation of facility-based equipment and end user hardware associated with the SOC.
– Coordinate analysis, design, build, and implementation of necessary software applications
– Coordinate testing for staff of hardware and software applications
– Provide support during opening/go-live and provide post go-live production support of the SOC.
• Major Tasks
– Full audit of existing procedures, including informal and ad-hoc
– Include end users in decisions for work flow.
– Include managers and front line officers.
– Make sure facilities are aware of changes to the norm.
– IT Support must be aware of how important systems are for protection and Life Safety.
Facility Design and Location
• Where do you want to place your Security Operations Center? Where you put it should be strategic and serve the needs of the organization. It should have back up power feeds and a generator, It should also have more than one internet feed. It should be discreet and not easily identified. This may not always be possible but consideration should be made to protect the SOC as much as possible. How many stations are needed to run the organization, What kind of furniture and work stations are to be used. How many computers, servers, monitors, T.V.’s, Audio Visual equipment, and Back up Battery power. These items are crucial when it comes to the facility.
• Now for your staff: Restrooms, Shower, Break Room/Kitchen and offices for management are just some of the other items that should be considered.
• The design should also allow for growth.
Facility Design
• Work Stations need to be chosen that are comfortable and functional. There are several on the market or you can have them custom made.
07/0
Novant Health – Public Safety SOC Kick Off
10
• Records Management
• Telephony
• Radio
• Fire Alarm systems
• Infant Protection
• Duress alarms
• Burglar Alarm Systems
• Camera Systems
• Access Control
What Kind of Technology do you want?
• Patient Safety Alarms
• Analytics
• Situational Awareness
• Engineering controls
• Mass Notification Systems
• Nurse Locators
• Network/Cybersecurity
• Social Media Awareness
• ETC…
Records Management
• There are several records management programs on the market. Computer Aided Dispatch , Report Writing, and Mobile options are included in the term Records Management.
• Choosing what will work for your organization will be a daunting task. The questions that need to be answered are:
• What am I trying to capture and record.
• How will I use this information.
• Who else in the organization needs the information.
• How easy is it to navigate and use.
• TJC, Clery act, DHSR, DHEC, OSHA, Fire Marshall, DEA, LEO, FBI….
Telephony
• What kind of phone system do you have? Does it do what you want it to do? Most Health Care organizations use a PBX and have a group of people who handle this.
• Can your system record calls?
• Can your system give caller information?
• Can your supervisor break into a call?
• Can you recall the number and the call?
• Can it integrate with your CAD?
Radio Systems
• There are various Radio systems, finding the right one or the right solution or solutions can be expensive depending on what you want or need.
• Is your organization using one type?
• What capabilities are you wanting?
• What dispatch platform do we want to use?
• Ease of use
• Does it record
Fire Alarm Systems
• Finding a solution that works for your organization can be difficult. Unless all of your facilities have the same type of system this can be very difficult. What you need to ask is the following:
• Does the system have an auto enunciator?
• Can the system be monitored off site?
• If they are not the same what solution do we go with?
• Will the systems have to be reprogrammed?
• What are the requirements from the
regulatory agencies?
Infant Protection Systems
• Every Health Care Security service worries about Infant Protection. There a several Infant protection solutions on the market.
• Can it be monitored off site?
• Can it do infants up to adolescents?
• Does it have a map function?
• Does it integrate with doors and elevators?
• Does it integrate with other software that you are currently using?
Duress/Panic Alarms
• These systems can be part of your access control system, a stand alone system, or integrated into your Fire panels and Burglar alarm systems. This could be a problem if you are not using one system enterprise wide.
• How do we monitor it?
• What system works best over all?
• Does it integrate into access control and video monitoring?
• Are they easy to use?
• Are they easy to install?
• How are they tested and repaired?
Burglar Alarms
• Most Medical Centers and Hospitals are open 24hrs a day. However there are some exceptions and those areas need to be protected somehow, again this can complex too.
• Is it a stand alone system or part of the fire alarm or access control system.
• How is it going to be monitored? In house or Outsourced?
• Can it integrate with camera systems?
• Are certain assets off campus where Law Enforcement will have to respond?
• Are your assets being patrolled by a Contract Service?
Camera Systems• Camera Systems come in a variety of
capabilities. We will discuss some of the types and capabilities.
• Analog or Digital
• Hard wired or Wireless
• Fixed/PTZ, Fisheye, 360, Infrared/FLIR, Low light, Color, etc…
• Analytics, Mapping, Event triggered, etc…
• Is it expandable, upgradable, service life?
• Does it integrate with: Alarms, Access Control, or other Security devices?
Access Control
• Access control is one of the main security technology backbones of security management.
• Door controls
• Badge readers
• Door alarms
• Parking access
Visitor Management
• Are you doing visitor management? How are you doing it today and does it need to be upgraded? What features do you want?
• Hand written badges
• Visitor Management Software
• Picture Badges
• Expiring badges
• Does it integrate with CAD/RMS
• Does it integrate with Sex offender registry
Patient Safety Alarms
• Patient Safety Alarms are usually Clinical in nature and monitored by Clinical Staff, however these alarms maybe monitored by security services.
• Bed alarms
• Patient wondering alarms
• Chair Alarms
• Personal Alarms
• Bath room alarms
Situational Awareness
• To truly have a global picture of threats, situational awareness software can help an organization with early notification of incidents that could affect its assets or impact business. What you will need to ask and research.
• What all does it monitor
• News feeds, Social Media
• Law enforcement/Fire/EMS
• Weather Services
• Is it configurable to your needs
Engineering Controls
• Healthcare Security is asked to do a lot that is not in the scope of their traditional jobs, one of those is the monitoring of Engineering controls. The reason for this is we are always on campus.
• Boilers
• Temperature and Humidity
• Positive and negative pressures
• Tube Systems
• HVAC controls
• Fire Protection Systems
Mass Notification Systems
• How do you inform a lot of people in a short period of time? Who are you informing and what types of alerts and notifications are you sending. What you will need to consider is the following.
• How many devices can you notify
• How does it integrate with other programs
• Can it work with your paging system
• Ease of use for the operator
• Internal vs. External
Nurse Locators
• Nurse locators are usually just monitored on the units, however with todays climate and the need for employees to feel safe, Nurse locators maybe monitored by the Security service. Things to consider when choosing a system.
• Range
• Mapping
• Panic/Duress features
• Can the system tag a room of a violent patient?
Social Media Awareness
• The new norm for today is social media, it allows people to communicate with each other, post pictures and also allows people to vent. Being able to monitor this is essential to protecting your brand or your assets. Being able to watch for key words or phrases that may pose a threat greatly enhances your chances of stopping an incident before it occurs or greatly reduce the damage it may cause.
Law Enforcement/Public Safety Agencies
• Do you monitor radio traffic of your local Public Safety agencies? Do you have the capability to directly communicate with those agencies? In some jurisdictions this is a sought after capability. Being able to communicate with First Responders who are going to your facilities makes it easier on the responders and the Security service. You can provide information that they otherwise would not have. This also fosters a trust between agencies that may have always had a roadblock.
CAD ServersCAD/Mobile Software (Licenses, Implementation and Vendor-Supplied Training)Logging RecorderInterface DevelopmentFacility Upgrade or Construction (renovations, utilities, HVAC, security systems)Workstation Furniture**Workstation Computers**Moving ExpensesSeverance PackagesTelecomm and Networking Call Handling Equipment*Radio Infrastructure (upgrades, reconfiguration, reprogramming)**Mobile and Portable Radio (upgrades and reprogramming)**TrainingLegal SupportGIS Data DevelopmentData ConversionHiring BonusesRadio Consoles* **Radio Control Stations**
Potential One Time Expenses
• Software Maintenance (e.g. CAD, AntiVirus)• Contracted Services (e.g., payroll, legal, GIS)• Insurance• Utilities (e.g., Heat, Water, Electricity, Gas)• Telecommunications (e.g., Internet, Telephone, Microwave)• Travel• Subscriptions (e.g., Standards, Accreditation Bodies)• Pre-hiring Screening• Training• Conferences
Potential on going expenses
Resources: Industry Standards and Best Practices
• APCO International: www.apcointl.org/standards.html
• CALEA: www.calea.org
• NFPA: www.nfpa.org/codes-and-standards/
• NENA: www.nena.org/?page=Standards
Questions / Discussion
Recommended