‘The database is becoming a bigger and bigger deal’

Incident reporting software makers start looking at the security channel as integration increases
Tuesday, July 1, 2008

If you’re a security director at a university campus, you know all about incident reporting. Thanks to the Clary Act of 1990, all colleges and universities are required to report certain crime and security statistics to the federal government. Not doing so could lead to hefty fines like the $357,000 levy the U.S. Department of Education laid on Eastern Michigan University earlier this year.

So it’s no surprise the university market is attractive to companies manufacturing incident reporting software, which allows enterprises to collect all of their security information-everything from slips and falls to doors left ajar to violent crimes-into a single database and then view that information in a variety of ways and export it in custom reports. While this ability makes a university end user’s legal compliance much easier than collecting all manner of disparate documents and compiling a yearly report in Microsoft Word, it’s also increasingly becoming a must-have tool for virtually any end user managing security for an extensive operation.

“They put in all the information about what’s happening,” said Elaine O’Sullivan, vice president of marketing and communications at software maker PPM 2000, “and then they’re able to determine where to put preventative measures in place; they’re able to analyze the time of day, locations, what staff is on duty, the type of incident and then use that information to make changes.”

Where does much of that information come from? Increasingly, it’s coming directly from access control and video management software, or from command and control software that’s layered between, especially now that the security industry is embracing open IT-based standards for software development kits and APIs.

“That’s really the overall premise of the product,” said Julie Copithorne, general manager of D3 Security, another software maker. “What we are seeing is convergence, the need for large organizations to gather information at a very granular level, then analyze that data however they want to, by region, by business unit, etc.” She said D3 does work with traditional security software makers like AMAG and Lenel, but she considers other software manufacturers, like Send Word Now, for example, as partners, as they push D3’s information out to handheld devices through text and email.

Michelle Austin, in marketing and communications at iView, a company similar to D3 and PPM 2000 that specializes in casino installations, said this year the company started integrating with video software with iDVR Acquire, which works with American Dymanics’ Intellex DVR for media acquisition. The video is then stored within iTrak, iView’s main platform. “Foxwoods Resort and Casino was the first to integrate both systems,” she said.

All of this sounds great, right? Unfortunately, all three of the above software makers currently go to market primarily straight to the end user. But that might be changing.

“We hadn’t gone to ISC West in 15 years,” said O’Sullivan, “but we went for the first time last month. We see the landscape changing and the integrator changing.”

D3’s product, for example, is browser-based, and can be delivered either with the software-as-a-service model, or installed on an enterprise’s servers. Which means it could also be installed in a central station and served to end users that way. “It’s not something that we’ve done,” Copithorne said, “but we’re not opposed to it; it’s just a matter of pioneering that concept for somebody.” She said the security reseller community, particularly, “is an area that is in our plans for development ... It’s something we’ll be further exploring.”

Much of the market opportunity, interviewees said, will stem from the creativity integrators evince, and how well they know their end user. “We’re excited about the convergence of the physical and IT communities,” said O’Sullivan, “and system integration in general, making incident management part of the overall security management system that’s in play. That’s the direction we want to go in, opening up our system, taking data from more systems, taking advantage of the synergies between them.”

So, what information does the security director need to help create a long-term plan for mitigating risk? How can the security system create metrics that can be analyzed and tracked? Can the people-counting analytic feed its information into the incident management software so it can be determined what percentage of people entering a mall, say, will commit a violent act? The possibilities are endless.

There is also some question of whether command-and-control software makers like Orsus and Vidsys will start incorporating more of this reporting function into their packages, but iView, D3 and PPM 2000 don’t yet see them as competition. “It comes down to specialization,” said O’Sullivan. “Many access control systems have tried to have a surface level of incident reporting, but when it comes down to in-depth analysis, it’s got to be your focus.”

Copithorne also noted the incident reporting software can act as communication infrastructure. D3’s e-alerts allow anyone behind the firewall to enter information without needing a user name and password, so that employees are encouraged to input anything from someone shady in the parking lot to unsafe spots they find while traveling. The question for the end user is whether it’s better to have one piece of software trying to understand all of the enterprise’s needs, or better to have a number of pieces of software all working on specific problems. The latter system only works if everything’s integrated correctly.

“The reality is,” said Copithorne, “that whether it’s PeopleSoft or access control software, whatever it happens to be, there’s a need to consolidate that information for decision making.”