Security is comprehensive - but not intrusive - at John Hancock complex
Feb 1, 1998 12:00 PM
Until recently, an employee of the John Hancock Mutual Life Insurance Company in Boston might have used one identification card to enter the complex's main buildings, a second card for admittance to a satellite building, a third for admittance to the high-security data center, and a fourth if the employee used the services of the company's on-site childcare center.
For Barry Camiel, manager of security operations, and director of security John Heavey, life was no less complicated. Only a fraction of occupants - 650 out of 11,000 - were enrolled in the three or four stand-alone access control systems, and one of the systems was serviced from the West Coast at a high cost. The lack of uniformity made the systems hard to support technically.
Keeping track of occupants who worked after hours and on weekends was done manually and was time-consuming and inconvenient. Newly terminated employees were still able to gain access in some instances, and when the dedicated PCs that controlled the old systems went down, the card readers defaulted to a degraded mode, reducing effectiveness.
Today, employees and security personnel are enjoying the benefits of a new, powerful and comprehensive Casi-Rusco access control system that covers all 11,000 building occupants, gives them one-card access to various areas, supports an unlimited number of micro-controllers and card readers and sends an alarm when a terminated employee tries to gain access.
"With our previous systems, we had to rely mostly on instincts and paperwork when we did checks related to after-hours or weekend activities," says Heavey. "Now, we have a running log of what goes on after hours, which helps give us a starting point for audits and research into activity and incidents that occur in our complex. It's a tool that shows who's in and who's out, where they went and when. It enhances our ability to deal with issues. I now have audit trails for high-security areas based on card reader transaction reports," he adds.
"Now, when someone is terminated, we remove their record from the system," notes Camiel. "If someone tries to use a card that's no longer valid, an alarm sounds in the security office, as well as at the lobby entry point."
In place since July of 1996, the new system uses an IBM RS 6000 processor with AIX, a multi-tasking, Unix-based operating system, connected on a looping, fiber-optic backbone to Compaq workstations, which serve as verification stations around the complex. With its high-speed chip architecture, the RISC processor can handle large numbers of transactions simultaneously, in a short period of time, which is important in a complex that comprises the 62-story Tower Building, the 30-story Berkeley Building, the 8-story Clarendon Building, the 9-story Stuart Building and the 8-story Conference Center.
"The system also gives us unlimited capacity in terms of adding readers and micros," adds Heavey.
Casi-Rusco micro-controllers contain distributed databases on the cardholders and their authorizations. These "micros" are connected to the IBM RS 6000 host and to Casi-Rusco card readers through a dedicated network using a standard data transmission line. Currently, almost 250 readers are in use, and each micro can control up to 16 readers.
The system's Picture Perfect software is installed in the host and generates both alarm graphics and access control reports. An Informix database management system drives the software.
According to Camiel, the access control software is used in three ways: * for database information such as an individual's name, floor location, building location, department and telephone number; * for alarm-response instructions and graphics; and * for access authorization.
Security was able to incorporate employee information from the company's existing database into the new system through an import/export software module that is available with Picture Perfect. The module allowed the company's technology specialist to import data directly without complex manuals and lengthy conversations.
"We now have a database that is up-to-date and accurate for all employees," says Camiel.
Similarly, Hummingbird's Exceed for Windows software is installed on the PC workstations, and makes the AIX operating system user-friendly by emulating Windows.
Unlike the previous system, the micro-controllers have distributed intelligence to make access decisions, even if the host is down. Proximity cards contain photo images and are color-coded to signify the individual's category such as permanent or temporary employee, tenant, vendor or service person.
Disaster recovery specialist Jim Flaherty, elaborating on the usefulness of the database, says, "There are 70 available fields. Right now we're using approximately 30 of them. In addition to basic information, we include emergency management data such as the identification of evacuation leaders and business recovery coordinators."
According to Camiel, such information can be a lifesaver in an emergency. "At night or on weekends, for instance, if there is an emergency, we can go into the system and get a printout of who is in and where they are. Additionally, in the event of a significant event, we can begin the implementation of disaster recovery notifications using information flagged in the system," he explains.
This new tool is particularly useful at John Hancock, because emergency management and life safety are under the same management umbrella as security operations. John Heavey is in charge of the entire security and emergency operation. Almost all of the 60-person security operations staff are certified Fire Brigade members and receive training yearly; they are also certified in First Aid and CPR. The company is one of only two non-medical facilities in Boston that has portable defibrillators for heart resuscitation on site. It is not surprising then that the company puts a priority on integrating its access control and alarm system. Through the Picture Perfect software, security officers in the security operations center can access alarm graphics and receive such information as the source of an alarm and the type of event that is occurring.
"If someone breaches a door, it generates an alarm that has been programmed to give the operator step-by-step instructions on how to respond. It also creates a record of the event, which includes the actions taken to date in response to the alarm," says Camiel.
"The system also distinguishes different types of alarms such as whether a door is being forced open or held open. That helps us to respond appropriately. For instance, someone might be entering with a key instead of using their card. Someone also could hold a door open longer than the time limit programmed into the system, which would require response and investigation," explains Flaherty.
The company's existing alarm processing system, installed in 1987, is being re-routed to the new system whose micro-controllers can control 80 alarm points each (in addition to the 16 card readers). "We are changing the wiring from the old system to Casi-Rusco. We expect to step up this effort in 1998 to have the alarm and access control system integrated," says Camiel.
John Hancock also uses video cameras to monitor activity in high-security areas such as the data center and in open areas such as the parking garage, lobbies, equipment areas and building perimeters. According to Camiel, one of the company's goals for 1998 is to integrate some of the cameras with the Casi-Rusco system so that if a door alarm is received, the camera would automatically be activated along with the alarm.
The cameras are tied into an American Dynamics multiplexing switcher in the security operations center, where security officers view system activity on 10 monitors. Satellite camera/monitor systems connected to the master system are located in the childcare center and in the parking garage.
With its growing commitment to security technology, John Hancock also manages its own, in-house security staff. Officers are stationed at the complex's entrances on a 24-hour basis to manage the technology. "We feel our customers and employees should be greeted personally and provided with the high level of quality customer service that distinguishes our company," says Heavey.
Visitors without cards are cleared by the officers. Camiel emphasizes that the access control system works to ease access for authorized individuals as much as to control it for unauthorized people.
"We have a closed-access facility," says Camiel. "Often, we need to clear in people who forget their cards. We process them quickly by checking their name in the system and bringing up their picture to verify their identity."
When people scan in after hours, their picture appears on a monitor at both the lobby entrance and the security operations center, enabling a security officer to grant them access.
Video imaging, Camiel notes, is done through the Portrait Perfect software component. The software is installed in a PC in the ID office, along with a DataCard badge printer, and is connected to the IBM RS 6000 for data and image storage.
In putting together its new security system, John Hancock was looking first and foremost for expansion capability - of both technology and management options. Integration of systems was also an important consideration.
"We wanted to build a security system that could act as a potential platform for management in our cafeteria, parking garage and fitness center - as well as the office complex," says Heavey. "We are moving toward using the card to enable employees to charge meals in the company cafeteria, as well as grant them access to the on-site fitness center. We are already using the system in the parking garage."
The access system is used as a management tool in John Hancock's eight-story parking garage, which is used for both public and employee parking. With a capacity of almost 1,900 cars, the system has streamlined access procedures for patrons and employees, who use the garage on a monthly basis. Certain floors of the garage are devoted to public parking; others are for employee parking. An outside firm hired by John Hancock operates the garage.
"One of the unexpected benefits of what we've done is that it has brought security closer to other functions within the company, including information technology services, network and database specialists, purchasing and quality management. Many aspects of the system were initially developed through a customer-focused quality team.
"In the past, security operations had a tendency to be out doing its own thing when it came to systems and support. We found that to achieve our goals, we needed to take advantage of existing company resources. For instance, we wanted to build our system using the existing company data network and database resources," says Camiel.
Jim Flaherty, the disaster recovery specialist, adds, "We worked cooperatively with many departments and also used the engineering and installation expertise of our vendor, Viscom Systems. We purchased computer hardware through the company's corporate purchasing channels, taking full advantage of volume-based pricing. This also allowed us to end up with system hardware, software and operating systems that are company standard."
That spirit of cooperation and employee involvement went a long way toward gaining employee acceptance of the final product - a security system that is at once comprehensive and non-intrusive.