Chairman of the City of London Crime Prevention Association reflects on 2024 and provides his insights into the challenges ahead in 2025.

As we enter 2025 and reflect on 2024, we continue to live with international conflict and acts of terrorism, extremism and violent crime closer to home.

Acknowledging that we have a new government, it is good to see that some of the previous initiatives, such as Martyn’s Law and Violence against Women and Girls, feature prominently in the current government’s priorities and legislation.

The role of private sector security is ever increasing to support core law enforcement requirements.  Looking back on the various initiatives created by the City of London Crime Prevention Association, (CoLCPA) such as Project Griffin in 2003, CSSC in 2011 and Project Kestrel in 2020, there can never be a more important time for public/private sector partnership.

A notable example is the initiative launched in November 2023 to create a consortium in order to tackle violence against women and girls and domestic abuse: Prevent Violence against Women and Girls and Domestic Abuse – Our Safer City.   We are confident that this initiative will reduce sexual offences committed during the night-time economy, provide support and assistance to vulnerable people and identify the perpetrators.

Our consortium partners are too many to mention, but we are extremely grateful to the former Lady Mayoress, Elisabeth Mainelli, for becoming our Patron. Our thanks are also extended to our core partners: the City of London Corporation, City of London Police, British Transport Police, Metropolitan Police, Safer Business Network, the City BIDs, Eastern City BID, EIDA, Oxford Partnership and the City Security Council.  The consortium pilot will conclude in the first quarter of 2025 and it is our intention to transport the best practice initiatives across the UK and beyond.

We believe the Prevent Violence against Women and Girls and Domestic Abuse initiative has enabled law enforcement and local authorities to direct their respective operational resources in a more focused and effective way.  Our two surveys have strengthened the belief that women feel less safe after dark and the requests for enhanced street lighting, CCTV and policing presence are as anticipated.

However, there can be no doubt that the re-introduction of taxi marshalling, Safe Havens and the Safe Haven app, together with the combined private/public sector partnership initiatives, including Operation Re-Frame, have assisted in making the City a safer night-time economy location.

The recent legislative changes in respect of sexual harassment in the workplace are positive steps forward, but we still have a lot to do.

Two of our biggest challenges are to raise the awareness of women and men as to what is acceptable and not acceptable behaviour and to ensure vulnerable people are aware of the supportive initiatives that are available to them. We are creating an education/training programme for both businesses and employees in respect of the new legislation.  One of our key aims is to focus on bystander intervention, to encourage men to act supportively in appropriate circumstances.

I would like to thank all our consortium partners, the executive board and senior management team for their hard work and dedication in creating and developing this much-needed initiative.

At the City of London Crime Prevention Association, (CoLCPA)  AGM in May we welcomed our new CoLCPA Patron, Tijs Broeke, the Chairman of the Police Authority Board. Our outgoing Patron, James Thomson, was thanked for his term of office and was made an honorary member of the Association.

In October Pete O’Doherty was appointed the new Commissioner of City of London Police.  We congratulate Pete on his appointment and extend our best wishes to his predecessor, Angela McLaren.

I have no doubt that we have a challenging year ahead, but in partnership no challenge is too great. We will continue to support law enforcement and the community in the same manner as we have done for the past 21 years.

On your behalf, may I take this opportunity to thank the City of London Crime Prevention Association Committee, our speakers and our Administration Manager, Irona, for their continued contribution.

I wish you, your families and loved ones, a peaceful and safe 2025.

Don Randall, MBE

Chairman

City of London Crime Prevention Association, (CoLCPA)

The post Don Randall MBE looks ahead to 2025 appeared first on City Security Magazine.

As we leave 2023 and enter 2024, we still have a world full of conflict, aggression and barbaric acts of terrorism. Senior law enforcement officers have commented recently about the high likelihood of terrorist activity occurring in the UK. To this end, our association continues to maintain close liaison with relevant agencies and our programme of meetings is geared to anticipating the needs and requirements of our members to deal with all ongoing situations.

I thought it would be interesting to reflect on our activities this year and beyond:

CSSC is now 12 years old and it is 10 years since it became a registered charity. We distribute circa 25 messages per month to our 3,895 industry sector leads (ISLs) and an audience reaching 15 million recipients. Of the ISLs, 1,167 have businesses based in London.

Our 9 regional hubs continue to grow and, additional to our national reach, add substantial regional value. With support from the City of London Police and our platform provider, Everbridge, we have revitalised our registration process. We continue to engage new members at a rate of approximately 40 per month and these include universities, trade associations, HMG departments, museums, media, regulatory bodies and hospitality companies.

It was a pleasure to celebrate the 20th anniversary of the CoLCPA in January at the Saddlers’ Hall and we are grateful for the sponsorship provided by QCIC. It was good to see old friends and colleagues from when we merged the associations and prior.

Our programme of presentations – always supported by the City of London Police operational and counter-terrorism directorates – was well received, with an average audience of 110 attendees.

In September 2022, we started our active engagement in what is now called ‘Prevent Violence against Women and Girls and Domestic Abuse’ (Prevent-VAWG & DA), which was highlighted at our conference in the Livery Hall at the Guildhall in February. This event was supported by the City of London Corporation, QCIC and Unitrust. We were fortunate to have a plethora of keynote speakers, including Angela McLaren, Commissioner of the City of London Police, and Lucy D’Orsi, Chief Constable of British Transport Police. The event was seen as a major success and the launchpad for a raft of initiatives going forward.

We are grateful for the partnership in developing Prevent-VAWG & DA with the Safer Business Network, the Employers’ Initiative for Domestic Abuse (EIDA), City of London Police, British Transport Police, Metropolitan Police, the Corporation of the City of London, the National Security Inspectorate and others.

With funding from the Proceeds of Crime Act and an excessive amount of pro bono activities, this initiative – under the banner of the City of London Crime Prevention Association – has crystallised into a series of progressive activities. We have formed an extensive group of relevant parties, an executive board and operational streams.

We are privileged that the Lady Mayoress, Elisabeth Mainelli, has agreed to become our Patron and former CoLP Commissioner Ian Dyson and Sarah Cork our ambassadors.

The streams of activity will continue to grow and our ambition, with our partners, is to create a best practice working model which is scalable across the UK and beyond. We are using the period November 2023 to November 2024 to achieve this model, which coincides with the current Lord Mayor’s term of office.  For those who can recall, this process follows the principle of Project Griffin in 2003.

The current streams of activity are:

• the re-introduction of the Taxi Marshalling Scheme at Liverpool Street Station on Thursday, Friday and Saturday evenings from 22:00 to 01:00/02:00 hrs
• the creation of Safe Havens across the City of London
• the development of a Safe Haven App
• the re-energisation of the ‘Ask for Angela’ campaign
• a survey to determine the views of women in respect of their safety in the City of London
• the formation of a Building Security Certification Scheme in partnership with the National Security Inspectorate
• a supporting communications and marketing programme

These streams of activity are covered in further detail in the article on page 30.

We continue to work with the London Fire Brigade in the promotion and execution of Project Kestrel, which is an online fire, safety and security training programme. This forms an integral part of the Building Security Assessment Scheme.

As in previous years, we continue to make charitable donations and our summer and festive drinks, sponsored by Investec, are seen as two valuable networking opportunities.

In closing, the Committee and I thank you for your continued support and your ongoing invaluable contribution to keeping our respective communities safe and secure.

May I wish you, your families and loved ones a peaceful festive season.

Don Randall MBE Chairman,

City of London Crime Prevention Association

www.cityoflondoncpa.org.uk

The post Don Randall MBE Chairman CoLCPA reflects on 2023 and looks ahead to 2024 appeared first on City Security Magazine.

The key function of CSSC is to distribute security and safety information to businesses across the UK.

Each business sector is represented by one or more Industry Sector Leader (ISL). There are currently over 2,250 ISLs spread across the UK in over 33 business sectors, who cascade information through their business links, trade organisations and contacts. The messages come from a range of authoritative partners, including police, local government and National Counter Terrorism Policing Headquarters (NCTPHQ).

Activity update – 2019 so far

CSSC continues to make an impact in 2019, with an average of nine national and regional messages or bridge calls per month, with a variety of messages. For example, in April 2019, there were fifteen from the Public Order team of the Metropolitan Police, four from National Counter Terrorism Policing Headquarters (NCTPHQ), two from CSSC London, three from CSSC Scotland and one from CSSC East Midlands.

The number of trade bodies and associations now registered on the CSSC cascade has reached 119. Since January 2018, a total of 826 new ISLs and Associate ISLs have been identified for National, London and the regions.

CSSC Management Structure

CSSC now covers ten counter-terrorism regions across the UK, in line with NCTPHQ, and can truly claim to be the only national safety and security messaging initiative. The management structure to support CSSC consists of a Board of Trustees, chaired by Sir David Wootton; a Consultative Board, chaired by Sir David Veness; and a Hub Management team for each Regional Hub.

Ongoing Financial Support

In May 2019, Sir David Wootton wrote to the senior executives of the top 500 companies and trade associations who partner with CSSC with a request for ongoing financial support from each of them.

He outlined how until now CSSC has managed to operate solely on the generous donations made by a small number of industry organisations and trade associations and explained how now, “The goal is to create a sustainable financial model for CSSC for the foreseeable future.”

The monies raised will fund the ‘hub team’ and associated activities and the ten ‘regional hubs. It is hoped this model will avoid the necessity for continued sponsorship and voluntary donations.

Activity continued in 2019, with the CSSC AGM in June 2019 bringing together many of the ISLs and other interested parties, and with other events and information. (Full report available soon)

You can sign up via the website www.thecssc.com or email membership@thecssc.com

Don Randall, MBE

CSSC, Deputy Chairman

The post CSSC Update June 2019 appeared first on City Security Magazine.

Many people in business are members of the Cross-sector Safety and Security Communications (CSSC) initiative so they will already be aware of the benefits of this excellent initiative.

CSSC was established in London during the Olympics, as part of a process to keep business better informed with security information and this voluntary organisation has continued to build on the success of the original project.

A national roll-out of CSSC is currently underway, in partnership with National Counter Terrorism Policing Headquarters (NCTPHQ), with the aim of making its security messages available to all business sectors and members of the public in the UK. The implementation is integrated with the Step Change initiatives to counter the recent upsurge in terrorism. CSSC is an initiative where authoritative security information is cascaded from a central hub to regional hubs and then onward to businesses within the region. Regional information can also be sent locally.

Since its inception six and a half years ago for London 2012, CSSC has developed into the principal communications vehicle for security-related messages. The original proposition remains the same: to provide timely, accurate, authoritative messages.

In line with NCTPHQ, there are eleven identified regions, namely: Eastern, South East, South West, Wales, East Midlands, West Midlands, North East, North West, Scotland, Northern Ireland and London (The Hub).

The ultimate goal is for each region to be linked to The Hub for distribution of centralised messages, as well as having the autonomy to send regionalised messages.

Each area will adopt the same governance model and delivery structure: there is a region-specific management board, including a NCTPHQ Detective Chief Inspector together with a local chair. Many of these chairs are now in place: The Eastern Region is chaired by Mark Duffy, Chairman of Dardan Security, and the South East Region is chaired by David Ward, Chief Executive of Ward Security. South West is chaired by Karen Ramirez and East Midlands by Andrew Nicholls.

CSSC is a registered charity, with a Board of Trustees, supported by a Consultative Board co-chaired by Sir David Veness and Commander Simon Bray. During the national roll-out, we will revisit the senior management structure to ensure adequate regional and strategic representation at the centre.

The regional operational teams of each hub include members who are seconded from both the public and private sectors. Secondee Ollie Giles from Alchemmy is developing Standard Operating Procedures and Mark Seston from CBRE is supporting the day-to-day running of The Hub.

The CSSC website, thecssc.com, was recently refreshed and revised with updated information. You can join via the website and find out more about CSSC and its work. The website also contains all the latest CSSC alerts and news.

Going forward, we are keen to ensure that everyone within an organisation receives the CSSC messages, where appropriate, and the original recipient knows how and when to pass on the different types of message. If you have any ideas or feedback on CSSC, its website and national implementation, please send them to our administrator whose details are on the site.

Personal and financial support from a number of individuals and organisations is vital to the CSSC. Particular thanks go to our auditors Wilkins / Kennedy supported by Sarah Johnson for auditing our accounts and liaising with the Charity Commission.

If you can support the CSSC in any way, please get in touch.

Don Randall, MBE

Deputy Chair of Trustees and Chair of Senior Management Team.

The post Extending the reach of CSSC in 2018 appeared first on City Security Magazine.

Founded in November 2011, the Cross-sector Safety and Security Communications (CSSC) was established as a direct response to the realisation that, with the London 2012 Olympics fast approaching, there needed to be a broad and robust communications and intelligence infrastructure in place that had not previously existed, and which would bridge and bring together police, security agencies and the private sector.

The lack of such a framework was highlighted in November 2011 during the riots that occurred across several English cities. In the wake of these events the then-Deputy Assistant Commissioner of the Metropolitan Police, Janet Williams, requested a bigger version of Project Griffin that would cover the entire community and improve police-to-civilian communications in anticipation of the Olympics. The CSSC was launched in response and was endorsed by the Minister of State for Security and Immigration at the time, James Brokenshire, as well as myself, Sir David Veness CBE QPM, who had previously served as Under-Secretary-General of the United Nations Department of Safety & Security and as Assistant Commissioner (Specialist Operations) New Scotland Yard, and Janet Williams herself.

Setting up the CSSC

Project Griffin, which I had co-founded in 2004, was a strong starting point when thinking about the CSSC as it had proven the concept of harmonising the public and private sector security industry. Project Griffin had made some quantum leaps as it formalised information sharing between law enforcement and private sector, and has been quoted in Hansard four times as a highly successful example of public and private partnership.

The challenge in setting up the CSSC was compounded by the Olympics fast approaching, but we quickly identified 24 industry sectors and media, including hotels and transportation, and the key security players in each of those disciplines who would be responsible for both disseminating information and providing feedback. These individuals are known as Industry Sector Leads (ISLs). It is important to understand that the CSSC is not merely a top-down communications channel, but a two-way communications vehicle, and information coming into the hub is as important as that being sent out.

Using the pharmaceutical industry as an example of the process in action, the industry trade association has 900 core members. The association’s principle person (the ISL) would be involved in bridge calls, chaired by myself and with police input. An email would be drafted that they would send to their members which, in turn, would pass it around; for example, a message to Boots the Chemist would be send to every Boots the Chemist outlet in the country. The information cascades outwards from a central core. It’s a very simple way of doing things.

We used this concept for both the Olympic and Paralympic games, and we have continued to refine it ever since. We are currently revising the ISLs to make sure we have the right people doing the right thing in the right way.

14 million recipients: CSSC in 2016

As a result, we now have 35 industry sectors and a distribution of around 14 million recipients. If we want to send out a message today, we can do that in under 20 minutes and get to 14 million businesses and people.

We have also recently created a core team of ten senior security people who, should an incident occur, can ‘stand up the Hub’, in other words staff the CSSC Hub which acts as the interface between those who have information and those who need to receive it.

To further improve the CSSC, a study was initiated by Sir David Veness CBE QPM (Co-Chair Consultative Board CSSC) in the aftermath of the Paris attacks of 2015. This study would serve as a review into enhancing the engagement between business and public bodies in the UK in a rapidly changing security environment, and would be crucial in determining the future direction of the CSSC.

Findings

Amongst its many findings, conclusions and recommendations the study identified seven broad threat categories that have the ability to interrupt business and cause damage to reputation and brand. These threat categories are Business Crime, Cyber Crime, Transport Disruption, Environmental Disruption, Terrorism, Critical Incident and Health. However, these seven threat categories do not map naturally to a specific government department, where departments operate as ‘Lead Government Department’. This alone underlines the importance and the scope of the CSSC which, through Information Sharing Protocols with required departments, agencies and bodies, enables the provision of information and advice for communicating to the public.

The report has also mapped a way forward for the initiative with a more structured and robust management structure needed to ensure administration and data management is as robust as it needs to be. While funding such improvements is a challenge, the CSSC currently benefits from the generosity of members, including the CBRE (property management company) which has donated a person for three days a week for three years, and London First which has also loaned a person for data administration.

While there is still a lot of work to be done to get the CSSC to where it ultimately needs to be, both in structure and scope, its effectiveness cannot be doubted. Current and future London Resilience Forum (LRF) plans see the CSSC as the key messaging service to broadcast critical messages both on a routine basis and in times of crisis, and in 2013 the CSSC was awarded the Best Contribution to Continuity & Resilience Award at the CIR Business Continuity Awards.

Don Randall MBE

Co-founder CSSC, Project Griffin and chair of the City of London Crime Prevention Association.

The post CSSC in 2016: a framework for success appeared first on City Security Magazine.

The General Data Protection Regulations (GDPR) comes into force in May 2018. The security industry has to understand, interpret and practise the intention of GDPR: it should not inhibit the gathering and sharing of data, providing cyber security hygiene measures are in place. Technological advances and business imperatives will mean there is ever more data, and ever more sharing, but this must be done abiding by the rules around the security and retention of data.

We asked leading security professionals on their views: will this bring about a step change in our approach to securing data? What other factors will impact cyber security in 2018? We had responses from the following:

• John Unsworth, Chief Executive, London Digital Security Centre (LDSC)
• Jean-Philippe Deby, Business Development Director,Genetec
• Vicki Gavin, Chair, Women’s Security Society
• Adam Bannister, Editor, IFSECGlobal.com
• Sean Kelly, Chief Information Officer, Wilson James

John Unsworth, Chief Executive, London Digital Security Centre (LDSC)

The implementation of GDPR can only be a good thing for the protection of data and helping to drive a shift in how many organisations obtain, store and use personal information.

Will GDPR be the step change in our approach to securing data? On its own, I don’t think so. The security of personal information requires more than just a new regulation; it requires consumers and organisations to realise just how valuable data is to the ever-increasing number of cyber criminals and to take all precautions within their power to protect it.

It requires businesses to appreciate the role they have in keeping consumers safe, and looking after the sensitive information they request from every consumer. It requires consumers to demand from businesses, What are you doing with my data?

How are you using it? How are you storing it? How are you keeping it safe?

It needs all procurement processes to have the security of information as a key consideration before entering into contracts with third parties.

The security of data requires everyone to do their bit, and not just leave it with the IT department.

Jean-Philippe Deby, Business Development Director,Genetec

Given the unique challenges involved in terms of GDPR, surprisingly little has been devoted to the process of ensuring compliance for the operation of video surveillance, access control and other physical security systems. Any public or private organisations using CCTV to monitor public accessible areas should be concerned and operators need to focus on adopting privacy by design.

Under the terms of the EU GDPR, data that is anonymised or pseudonymised is classified as lower risk. The appropriate use of encryption and automated privacy tools is, therefore, a logical first step. For example, video redaction that blurs out people’s faces in video unless there is a legitimate reason to reveal their identity can minimise the dangers of having security cameras deployed in public spaces.

Don’t forget, owners of on-premises video surveillance, access control or ANPR systems are responsible for all aspects of EU GDPR compliance, including securing access to the systems and servers storing the information. However, by working with an approved cloud provider it is possible to offload some of these responsibilities and significantly reduce the scope of activities required to ensure compliance. It is also highly cost-effective.

Nevertheless, it is important to realise that it isn’t a full abdication of responsibility. You remain accountable for ensuring data is classified correctly and share responsibility for managing users and end-point devices.

Vicki Gavin, Chair, Women’s Security Society

GDPR is the marriage of privacy and security,  where privacy covers all aspects of the use and maintenance of personal information and security ensures the personal data has been appropriately protected.

Achieving this will require a diverse set of skills, and while convergence to a single point of control would seem to be the answer, it doesn’t really address the variety of different specialist skillsets required to deliver such a complex set of controls.

An holistic approach is required with close partnership between all of the security functions. I am sure this will lead to contention for the small number of individuals who are able to demonstrate that they already have both cyber security skills and privacy skills. As there are clearly not enough of these people to go around, we really need to get a lot smarter about recruiting and retaining talent.

If we look at the world of cyber security today, we can extrapolate and get a picture of what the future will likely hold. But this doesn’t have to be. If we look at today’s practices, we can identify a number of opportunities for improvement:

• Avoid qualification creep, identify the minimum qualifications required,
• Review the minimum qualifications for bias and eliminate it,
• Review CVs to include rather than exclude candidates,
• Assemble a diverse interview panel, and
• Retain good candidates through ongoing development.

Look at the problem holistically. Not every job is suited to every person. Get the skills right and there will be lots of diverse candidates to choose from. In short, there is no shortage of talented people, only short-sighted hiring managers.

Adam Bannister, Editor, IFSECGlobal.com

Cybersecurity would have become a hot topic in the physical security sector even without GDPR looming. No longer written off as a separate discipline, data security is now inextricably bound up with security systems that connect to the internet, each other and non-security systems. The 2013 theft of credit card data from US retailer Target via its HVAC system demonstrated the consequences of negligence.

But the GDPR lifts the stakes higher still. Fines for breaches could be up to 79 times greater than those levied under the existing regime. Embedding ‘security by design’ into product development is essential if the industry is to properly protect customers.

But its customers must protect themselves too. The entire supply chain must abandon the silo-based approach and collaborate more closely in this hyper-connected world.

Expect GDPR to also spur already strong growth in the cloud market too, since delegation to data-storage experts can help organisations meet compliance obligations.

Seldom do I have a conversation with a security professional who doesn’t mention data security – which at least shows that the industry is keenly aware of its primacy.

Sean Kelly, Chief Information Officer, Wilson James

The step change which GDPR will bring to securing data requires an accompanying paradigm shift in data management. The consequence to business realities in 2018 may well result in GDPR negatively impacting wider cybersecurity delivery.

GDPR follows the good data governance concepts espoused by the Information Commissioner and practised by many blue-chip companies. Regrettably, most companies in the UK are smaller and have systems that are not even close to these standards. Data discovery projects alongside the creation of GDPR-compliant systems represent a very considerable expense. Even though GDPR requires data to be stored securely, smaller companies with tight IT budgets will face a stark choice: GDPR compliance or cybersecurity improvements.

In mid-2018, customers, clients, contractors and employees, past and present, will seek to enjoy their new ‘rights’. The novelty of submitting ‘Subject Access Requests’, at no cost, is likely to produce a flurry of activity.  The inevitable failure of the unfortunate few to comply in a timely manner will result in well publicised fines, and a subsequent panic of redirected IT resources.

It is the redirection of IT resources toward GDPR administrative processes and away from planned upgrades which will most impact cybersecurity in 2018.

The post GDPR and its implication for security – a range of views appeared first on City Security Magazine.

Project Griffin continues to be an integral strand of UK Counter Terrorism, together with Project Argus and Project Servator.

Since the launch of Industry Self-delivery in 2016, progress is being made towards the goal of 1 million people Griffin-awareness trained.

Extended reach

Project Griffin has extended its audience and is now suitable for everyone, not just security guards. In particular, the intention is to train any member of staff who works with the public or in public spaces. British Transport Police have been at the vanguard of Project Griffin, ensuring that all members of staff working on the railway, as well as the police officers, are awareness trained. In a football stadium, the whole personnel can be trained. This brings great benefits to all concerned.

Organisations can now apply to be accredited for self-delivery and then can train their own staff. NaCTSO will register approved companies and provide them with the Project Griffin package relevant to their sector, plus regular future updates.

The criteria for those organisations that can apply has recently changed. Full details are available on the National Counter Terrorism Security Office (NaCTSO) website www.gov.uk/government/publications/new-initiative-project-griffin-industry-self-delivery.

Plans for 2018

During 2018, further improvements are planned for Project Griffin. These include refreshing the website and online courses. Also, there are plans to look at the accreditation formula and process, with the possibility of liaising with the SIA to incorporate Project Griffin awareness training within the training for guards.

Griffin Awareness days are still offered locally. You can contact your local CTSA for details of local awareness days (www.gov.uk/government/publications/counter-terrorism-support-for-businesses-and-communities/working-with-counter-terrorism-security-advisers#contact-your-ctsa).

Don Randall, MBE

Chairman, City of London Crime Prevention Association

Coming soon… Cyber Griffin

Cyber Griffin is a new initiative due to be launched by the City of London Police’s Cyber Crime Unit later this year.

It will follow the basic format of the force’s counter terrorism offering, Project Griffin, but will be solely focused on helping City businesses improve their cyber security and defender skills while providing them with threat intelligence and incident response training for free.

The post Looking to the future with Project Griffin appeared first on City Security Magazine.