Keeping Your Stadium Safe
NSI’s updated NCP 109 Code of Practice for access control systems
Richard Jenkins, Chief Executive at National Security Inspectorate (NSI) - the UK’s leading, UKAS accredited third party certification body in the security, fire safety and guarding services sectors, helping to protect businesses, public organisations, homeowners and the general public through rigorous audit of more than 1800 security and fire safety providers nationwide.
The United Kingdom Accreditation Service (UKAS) is the UK’s sole National Accreditation Body. It is responsible for determining, in the public interest, the technical competence and integrity of organisations offering third party certification, in accordance with International Standards for Accredited Certification of Management Systems such as ISO 9001 (ISO 17021) and application Standards pertinent to security and life safety such as BS 7958 for CCTV (ISO 17065).
All entertainment facilities pose security challenges, but sports stadiums are complex, often multipurpose venues, where thousands of people congregate on a regular basis. There are especially demanding security and safety criteria that include controlling access to the back of house within venue spaces.
Wireless technology, the adoption of IoT-based security systems and the cloud are all driving deployment of more sophisticated access control systems. The choice facing buyers is staggering.
What is NCP 109?
NCP 109 Code of Practice for the “design, installation and maintenance of access control systems” is NSI’s Code of Practice. It draws on the Equality Act 2010, British Standard BS 7273-4 for fire protection (activation of release mechanisms for doors) and BS 7671 for electrical installations, all of which are key to safe and well-designed systems. The upcoming release of NCP 109, Issue 3, expected in Spring 2020, embraces new technologies and methods, and will help ensure NSI approved access control installers remain at the forefront of the industry.
Compliant approved companies will demonstrate robust capability to advise on the most appropriate system given the specific needs of each building or premises to be managed. It covers matters such as reviewing the assessed threat, determining points of higher exposure and expected people flows, means of escape in the event of a fire or security incident, and the most suitable type of recognition technology.
Risk assessment is a critical activity that formally identifies risks and recognizes access control needs, the location of access points to be secured/monitored, and any requirements for remote monitoring. It is factored into system design, which takes into account the risk classification for access points and how this may vary e.g. inside/outside working hours, during daylight/hours of darkness, at weekends, or during other open/closed periods. NCP 109 requires installers to assign each system access point with a risk classification according to the level of security required: Class I (low risk), Class II (low to medium risk), Class III (medium to high risk) and Class IV (high risk).
Data storage
The management of record keeping and data security are key factors for consideration within access control systems. Typically, individuals ‘log-in’ and permissions are a point of risk. Failsafe system controls and procedures can ensure log-ins are up to date, with access permissions for employees or contractors added and withdrawn in a timely fashion - simple yet essential risk management. The storage of personal data by access control systems must also be secure, and adhere to GDPR data protection requirements.
Raising standards
NSI is committed to auditing services to British Standards and its own codes of practice, such as NCP 109 where these contribute to raising industry standards. Approvals held to this standard will:
- Demonstrate the credentials of specialist security providers to buyers and users.
- Help ensure good practice by installers engaged by stadium operators
NCP 109 provides a framework to assist installers and users in establishing risk, needs and requirements, assist users in determining the appropriate level of security and sophistication required for a given application, and assist system designers in meeting specifier or user requirements.
The successful operation of access control systems is built on clear collaboration between users and installers. Security can only be achieved with carefully developed and clearly understood specifications and usability in practice.
The customer perspective
From a client perspective choosing an NSI approved company provides confidence in a provider knowing they are subject to an ongoing independent audit programme including sample inspections of installations, expressly focused on competence and business practices.
All NSI Gold approvals include certification to BS EN ISO 9001 (for a company’s Quality Management System). System Installers elect to adhere to the relevant standards – in this case NSI Code of Practice NCP 109. They benchmark themselves against NSI approval schemes to demonstrate commitment to the highest standards of competence in the design, delivery, operation, management and maintenance of access control systems.
NSI approval provides assurance to buyers that installers, operators and managers of access control systems, deliver consistent best practice with fit-for-purpose systems and equipment, which helps keep people safe.
NSI approval signals capable and competent providers who are well placed to interpret customer needs and deliver solutions that work. NSI approvals cover a wide range of international and British Standards as well as its own Codes of Practices.