Friday, Jun 8, 2018
Everyone claims quality. It’s a big selling point for security systems, partly due to increased corporate and personal liability in the workplace.
A high-quality security system is an important part of risk management.
Poor quality security products and software have the potential to result in high replacement costs, lost productivity and income, damage or loss of plant and property, injury to people, or – in extreme cases – even loss of life. But when everyone’s talking the high-quality game, how can you ensure a security solution is up to the required standard?
How do you prove a security system is all it claims to be?
Proving quality can be tricky. It’s something you need to assess during the due diligence process. There are some essential pre-purchase questions you can ask of potential vendors to help determine whether what you’re buying meets the quality ‘gold standard’.
- Does the company have a dedicated QA team?
- Are there multiple quality checkpoints throughout the development and production process – not just at the beginning and end?
- How do they test their software? The best practice today is the use of automated testing, where each build of the software is fully exercised.
- How reliable is the company in delivering a new version/product on the date specified?
- What is their process for resolving technical queries? How are issues recorded and addressed, and is feedback shared where appropriate?
- How confident is the manufacturer in their hardware? This is evident in their warranty period - one year indicates a lack of confidence in their product, while five years to a lifetime warranty means they fully back it.
- Do they use penetration testing to externally verify the security of the product?
- How accessible and responsive is the manufacturer?
In short, can the vendor prove that quality is thought about and baked into the end-to-end design and manufacture of the product you are buying?
Of course, many suppliers will answer these questions positively, regardless of the reality. So back up your questions with some research. How do they demonstrate their focus on quality? Can you ask to visit their factory or a client site to see the product in action? You can discover a whole lot about a company by asking for references from existing and previous clients. Find out how long they’ve been with the company, whether they’re having a great experience, and how any problems are responded to and resolved.
Some would argue that quality can also be judged on cost, by simply looking for who has the most expensive system. Alongside other measures, I think this has some merit. The old adage ‘you get what you pay for’ has a ring of truth, and I believe quality in security is absolutely worth paying for.
Quality process standards like ISO 9001 are another good starting point; they will ensure that the company has some processes in place that should deliver reliable results. But to achieve a ‘gold quality standard’ security system takes more than that. The manufacturer needs to understand the needs of the security market and listen to the real-life problems and risks that users are trying to resolve and mitigate. Manufacturers need to be dynamically updating their offering to meet the changing environment. If they don’t, then the system you purchased two years ago with the expectation that it would last for seven to 10 years may struggle to meet current expectations.
It’s important the manufacturer can provide options to move forward through generations of a product as painlessly as possible.
Is there an incremental path for you to migrate to emerging security technologies - both hardware and software? This particularly applies to cybersecurity updates after the original purchase is made. It’s key to ask whether ongoing support and updates are provided after you purchase. It’s especially important to ensure that it’s possible to upgrade firmware, not just software applications, within the solution you choose. For example, many users have been caught out with a system that has not stayed up to date with current operating systems, and their Windows XP server is no longer approved by their IT policy. This requires a major replacement project rather than an incremental upgrade.
The last thing you need is to have to rip and replace a whole lot of stuff because of a major upgrade.
Ultimately, there’s no replacement for your own high standards. Quality means different things to different people and you need to decide what’s important to you and your appetite for risk. What’s the impact on your business if a privacy breach occurs and staff or client information is exposed? Define the evidence you need to be able to trust you’re getting what you paid for. Most of all, make sure you have a good contract or agreement in place that covers the supplier’s obligations as part of the due diligence process.
You’ll never regret buying quality.