Security Consulting

Our globally connected experts specialize in all aspects of security risk management, technical security design and information resilience, including the challenges created by emerging smart building technologies. 

We work with public security officials, building owners, architects, developers and security managers within organizations to ensure that people, property, businesses and governments are protected against loss and injury.

We live in an age of heightened security concerns, with hardly a day going by without reports of terrorism, cyber-attacks, crime and violence on our streets. The threats we face are constantly changing as criminals and terrorists adopt new methods.

Growing urban populations throughout the world bring increased security challenges. The threat stemming from ‘ordinary’ organized or opportunistic crime has not changed significantly over the years. But casualties from terrorism and the violent acts of ‘lone wolves’, as well as mounting incidents of cyber-crime, now exceed all other offences.

All of our security professionals, whether they are experts in security risk management, security advisory specialists or crowd management consultants, are dedicated to helping our clients to identify and overcome their security challenges.

Security Risk Management

Our starting point on every risk management programme is to assess the security threats and vulnerabilities and to create a realistic and cost-effective strategy to reduce the overall risk to an acceptable and manageable level. In identifying threats, we undertake detailed project context evaluation that considers everything from petty crime to terrorism. We then establish risk tolerance and develop security protection objectives.

The risks for an iconic high-rise tower, whose high profile makes it a potential target for terrorists, are very different to those of a healthcare facility, where the priorities would be to prevent unauthorized access to wards and to control access to equipment and medical supplies. Assessments are undertaken for individual plots or masterplans and are compliant with internationally recognized risk management standards.

WSP also conducts security surveys of existing premises to evaluate them against current design standards, with a view to bringing these buildings up to a commensurate level of security. Equally, we undertake audits to assess the compliance of organizations with specific government or industry standards, such as SABRE, which is run by BRE Global.

As part of the security risk management process, we develop security policies and guidelines for organizations based on benchmarking, best practice, contextual analysis and maturity modelling. We also develop programmes for organizations to implement their policies, or offer support as an independent evaluator on behalf of the client.

In the next phase, we develop security strategies at both a masterplan and plot level. These need to meet client, project and authority requirements and address the concerns of multiple stakeholders while supporting security objectives.

We also work in an advisory capacity on behalf of the client or client representative. In this role, we devise or implement the security strategy as per the project requirement from design through to operations, and provide ongoing strategic security advice as an organization grows its operations across business sectors, markets and geographies.

In addition, we develop operational security policies and procedures based on detailed organizational reviews and staff modelling. These plans are strengthened through a mix of training and awareness programmes.

Crowd Management

We provide crowd management consultancy to support designers of projects such as arenas, stadiums, stations and other buildings where large numbers of people gather. We help them to consider the safety of end users at the early design stages and gain a better understanding of how people move under real conditions. We consider not just potential emergency situations but also the basic safety of users as they navigate a facility under normal but elevated circumstances, such as a match day or a concert. This includes examining where people are coming from, where they are going to, what routes they could take and where the risks and vulnerabilities might lie. These could be anything from a traffic crossing to a slope that is too steep or a concourse that is too narrow.

Commuter flow analysis is primarily used when developing new urban structures. We provide the developer with an impact analysis of how commuters and residents would interact with the layout of new structures (for both indoor and outdoor environments). This provides information and recommendations on bottlenecks, placement optimization and architectural design.

Our role is not just about safety, it is also about improving the visitor experience: avoiding queues, reducing waiting times, enabling people to move around freely. Commercial considerations also come into play – for example, directing them past the food concessions during an event.

We help clients to apply the principles of social safety and security to their buildings and urban developments by analysing the perceived safety and situational awareness of users. As this suggests, social safety is a subjective feeling, based on both reputational and objective factors related to an environment.

For instance, it is important that hostile vehicle mitigation (HVM) solutions achieve high integration into the urban environment. Our goal is to meet the challenges of a project in four key areas: architecture, landscape, technical and organizational. By using multiple IT platforms such as virtual reality, Revit, AutoCad, commuter flow analysis tools (STEPS) and geographical data mapping, we can identify and evaluate solutions that support people’s comfort and safety, and enhance the attractiveness and liveability of a space, contributing to sustainable urban development.

Anti-terrorism Consultancy

WSP is experienced in anti-terrorism consultancy and has worked extensively on the protection of crowded places. These services include local context analysis, terrorism attack methodology analysis, blast effect analysis, vehicle dynamic assessment (VDA) and hostile vehicle mitigation (HVM) engineering. Success in this work has led to our team creating most of the content for the Swedish government’s new HVM guide (see right) and giving guest lectures on the subject in Abu Dhabi, UAE.

Terrorism attack methodology analysis includes post-incident analysis of specific major attacks, trend analysis on attack methodologies and attack scenario ‘war gaming’ to analyze attack resistance and response. VDA determines maximum speed and angles achievable by anticipated vehicle type. It is also known as a swept path analysis. VDA allows us to select the best vehicle control performance criteria by assessing the road geometry and camber, road surface, gradient, clear approach lines and distance, traversable surfaces such as ditches, and existing objects.

The HVM aspect of the service, which is also used in preventing ram-raid attacks, coprises writing the specification of proportionate vehicle barriers, extensive knowledge of the product market and testing performance requirements, as well as creative solutions beyond bollards and using topology and landscaping. (Further detail on our specialist blast analysis service can be found in the following section.)

Physical security relates to the use of barriers to delay or defeat an attack with elements such as enhanced structural design and blast-resistant glazing. It also involves creating standoff from a building using hostile vehicle mitigation (HVM) measures such as bollards, road blockers, tyre killers and boom barriers, as well as luggage screening and metal detectors, landscaping and street architecture, and manned security posts and control rooms.

We have made the public spaces around buildings safer by following the principles of crime prevention through environmental design (CPTED). This harnesses the physical design of areas where people live and congregate in order to discourage potential offenders from committing criminal acts.

The technologies that we design include, but are not limited to: – Video surveillance and long-range detection

• Access control
• Electronic key management
• Intrusion detection
• Security alarms and communications systems
• Prohibited object and substance detection equipment
• Real-time location systems
• Emergency notification devices
• Perimeter protection design
  
• Security management systems (SMS)
  
• Physical security information management (PSIM)
• Smart integrated technologies.

We design security central command centres for controlling and monitoring facilities and security systems in accordance with the globally recognized ISO 11064 standards. This process covers operational requirements, internal room arrangement, video wall design and crisis management centre design.

Blast Analysis

We work very closely with our blast analysis, structural and facades specialists to identify how to protect buildings from explosive attacks and minimize the impact of explosions should preventative measures fail. Our specialist services include disproportionate collapse and structural response to blast.

By analysing blast waves and their interaction with the built environment, we are able to simulate the detonation of a device in a building or cityscape in order to determine its effect on structural elements such as columns, beams, slabs and glazing.

The team can undertake these simulations to different levels of detail and complexity in order to satisfy clients’ specific requirements or scenarios. We can provide rapid assessments in response to changing situations – for example, if the threat level suddenly rises and there is a need to provide immediate protection – or full, detailed blast-structure interaction analysis, giving valuable input to the whole design team.

The best option is always to integrate explosive blast requirements into a design as early as possible. This will result in more economical, less intrusive solutions. However, WSP can also provide retrofit options if the threat scenario deems them to be necessary.

Once the drawings and specifications are finalized, we continue to support the client through the tender and construction process. This includes supervision of security contractors and all security design elements to ensure that installation meets the design requirements. We are involved in tender review and integrator pre-qualification, material and product review and approval, shop-drawing and as-built review, conducting on-site compliance reviews and participating in final system testing and commissioning. We can also coordinate system operations training for the integrator and the client’s operations team.

We can conduct third-party peer reviews, assisting the client as a technical specialist to ensure that designs are in accordance with project and authority requirements, or to supervise coordination of the project security strategy and masterplan.

In addition to security technology systems design, we often provide full project management and leadership services, overseeing multidisciplinary design teams in the delivery of complex security-driven initiatives. Such projects often include systems with electrical, mechanical, IT and architectural elements, which need to be coordinated to meet the overall security vision.

Information Resilience

For any organization to survive in an emerging information security ecosystem, standard security measures are no longer sufficient. The changing business landscape now requires an information resilience strategy, enabling an organization to prevent, respond and recover from potential threats, and maximize the trustworthiness of its information.

WSP has established its own approach to information resilience, supported by a relevant implementation framework. We follow a holistic approach to protecting all types of sensitive information, in all phases of the information lifecycle, throughout all business verticals, regardless of the underlying business and technology ecosystem. Information resilience includes continuous assurance, improvement and response.

Enterprise Resilience

Enterprise resilience includes the development of incident response plans in line with governance, risk and compliance requirements. These are delivered through organizational training and the development of procedures, such as responsibility identification and escalation. Resilience planning includes Crisis Management, Disaster Recovery and Business Continuity Management Systems.

Smart Buildings and Cyber-Physical Security

People typically associate cybersecurity threats with data theft or the manipulation of money, but a breach today could have far more tangible results. These will only be exacerbated as we approach hyper-connectivity. The big difference in the future is that there will be direct physical effects. An attack might, for example, turn all the traffic lights red or take control of a building’s HVAC system, making it unusable and disrupting business continuity. Or it might disable the elevator system in a high-rise building or overload critical national infrastructure for electricity or water.

When designing a system, security needs to be built in from the beginning and all of these systems need to be thought through carefully and managed holistically, with care and foresight, through a multidisciplinary approach. At WSP, we develop strategies for smart technology and converged data networks which factor in security components to maximize functionality, monitoring and resilience.