Integrated Security Management Systems Pilot Projects

1. Integrated Security Management Systems Pilot Projects United States – Israel Science & Technology Foundation (USISTF) Dr. Marc Siegel Program Director United States – Israel Science and Technology Foundation (USISTF) Phone: 202-419-0432 Email: siegel@usistf.org

3. Program Objectives Develop a blueprint for action for U.S. and Israeli private, public, and governmental entities. “Proof of concept” of an integrated security management system built on existing tools and standards. Provide the public and private sectors with relevant guidelines for an integrated security management system that are consistent with existing management system approaches, guidelines, and standards.

4. Why a Management System? Provides a set of benchmarked tools and processes Helps to systematically identify risks and problems, as well as problem-solving tools Inclusive process Provides specialized training Establishes operational controls and procedures Creates measurable goals and methods for accomplishing identified objectives

5. Why Use Existing Standards? Facilitates joint audits Promotes parallel assessments Potential benefits and savings in case of certification and third-party registration Avoids conflict and/or duplication More easily understood & implemented Leverages management buy-in Combines “loss leaders” Accelerates development and action

6. Project Timeline Planning group established Oversees project implementation USISTF, MOE, SII, OFEE, and Israel Police Security Division Stakeholder Meeting: March 10-11, 2004 Washington, DC Established a clear blueprint for the steps involved in planning and implementation of the demonstration projects including the drafting of guidelines, protocols, and benchmarks for the conduct of the demonstration projects Established bi-national working groups to develop and oversee demonstration projects Agreement on information sharing and the protection of sensitive information July 15, 2004 - Request for Applications for pilot studies closed August 10, 2004 – Binational Peer Review Panel concludes application reviews August 10-12, 2004 – Binational Working Group One meets at SII in Tel Aviv Drafts Security Management Standard drawn on elements derived from the current ISO 9001 (quality management), ISO 14001 (environmental management), BSI 18001 (occupational health and safety) standards and the new NFPA 1600 (disaster/emergency management and business continuity programs) standards Standard and guidelines to be used as baseline in all pilot projects September – October 2004: Pilots recommended by reviewers refined and finalized Meetings with US DHS to identify pilot sites of major national impact and collaboration Development of in-house pilot projects November 2004 – November 2005 Pilot project underway

7. Stakeholder Meeting: March 2004 Identified the approach, procedures, outcomes, and metrics necessary to create an integrated security management system Recommended use of the "Plan, Do, Check, Act" PDCA model & ISO-14001 Precursor to the launch of  proof-of-concept pilot demonstration projects

8. Working Groups Group One: To develop products and guidelines Group Two: Oversees implementation with pilots. Including serving as project resource, and ensuring milestones are on track. (implementation metrics) Group Three: To develop metrics for system performance and security assurance (performance metrics) Group Four: To monitor progress and work products in the interest of ultimate converting the information to an international standard. This group may begin writing Guide 72 Justification Document in parallel.

9. Common Elements Policy Planning Implementation and operation Performance assessment Improvement Management review

10. An Effective Management System Flexible Transparent Useful to the “practitioner” In harmony with mission focus Focused on continual improvement

11. Plan-Do-Check-Act Model (PDCA) Continual Improvement

12. Key Elements of Integrated PDCA Management System Policy statement/commitment Identification and prioritization of significant vulnerabilities and impacts Development of objectives and targets Implementation plan to meet objectives and targets Checking and follow-up Training Management review

13. Guiding Principles of Project Market Relevance Meet demonstrated market needs Encourage competitiveness and innovation Avoid unnecessary burden Avoid complexity Should not imposed trade barriers Used to achieve performance goals Valued added to business and operations

14. Rationale for Using EMS Approach Much of an Environmental Management System (EMS) may already be in place Key is to use a systematic approach to planning, controlling and improving security efforts Can be a vehicle for positive change

15. Security Management Standard

16. Planning

17. Implementation and Operation

18. Checking and Corrective Action

19. Management Review Process

20. Objectives of Pilot Case Studies Create a set of guidelines and tools for wide-ranging implementation of integrated security management systems across industry, service, business, and governmental sectors Test proof of concept prior to initiating the discussion of the mechanics of developing a standard Provide the basis for either developing a set of guidelines as the end product, and/or providing the experience and data necessary to proceed with the “Justification Study Process” of developing a standard defined in the ISO Guide 72:2001(E)

21. Pilot Studies Underway AcuTech Consulting Group:  Israeli Partner: Rotem Industries, Ltd. Israel Pilot Site:  Israel Petroleum & Energy Infrastructures Ltd. (PEI) Kamad Glilot site or Admot Hazafon site. U.S. Pilot Site:  Washington D.C. Water and Sewage Authority Blue Plains Facility Environmental Security International: Israeli Partner: Rotem Industries, Ltd. Israel Pilot Site:  Schneider’s Children’s Medical Center of Israel U.S. Pilot Site:  North Shore – LIJ Health System’s Schneider’s Children’s Hospital Pediatric Trauma Center of Queens, New York Sinai Hospital of Baltimore: Israeli Partner: Barzilai Medical Center Israel Pilot Site:  Barzilai Medical Center U.S. Pilot Site:  Sinai Hospital of Baltimore

22. Additional Pilots Israel Aircraft Industries:  U.S. Partner: Network Information and Space Security Center (NISSC), Colorado Springs, Colorado Israel Pilot Site:  Israel Aircraft Industries U.S. Pilot Site:  Two U.S. aerospace sites as candidates

23. In-house Pilots Commercial Properties Israel Pilot Site: "Kiryon" office building and shopping center in Haifa U.S. Pilot Site: Commercial property in New York Ports Israel Pilot Site: Katsaa Port U.S. Pilot Site: Candidates being finalized Airports U.S. Pilot Site: Candidates being considered

24. Other Initiatives Homeland Security market workshop in Israel Will address first responder technology requirements and needs Emphasis on US standards and procurement requirements Israeli and American companies must meet to participate in first responder market Approaches necessary for addressing technology integrator needs.  This workshop would benefit both technology developers and potential exporters of technologies. Workshop in Virtual Reality applications in homeland security – Israel and the US

25. Thank You Dr. Marc Siegel Program Director U.S.-Israel Science & Technology Foundation - USISTF 1130 17th St. NW, Suite 312 Washington D.C., 20036 DC Phone: 202-419-0432 San Diego Phone: 858-484-9855 Fax: 202-419-0435 Email: siegel@usistf.org URL: http://www.usistf.org