12 Jun What is SEEPL and why is it important?
When you want security, you want SEEPL. This stands for Security Equipment Evaluated Product List, and is a register of high-security products approved by SCEC (The Security Construction and Equipment Committee). The aim of the SEEPL is to ensure that high-security government departments are able to adequately protect their resources, people and assets.
Understanding SEEPL and SCEC
The SCEC is a government-formed committee tasked with evaluating products that external suppliers put forward, and determining whether or not they meet government security requirements outlined in the Protective Security Policy Framework (PSPF). As well as declaring the product suitable for inclusion on the SEEPL, the SCEC also ensure any specific applications or limitations are detailed.
Government agencies use the list to ensure that their security arrangements meet the minimum requirements.
They categorise equipment into four levels, according to the standard of protection they provide. SL4 (Security Level 4) is suitable for high threat level areas, and is the best possible rating. SL3 approved products are suitable for medium threat levels, SL2 for medium-low, and SL1 for low threat level areas.
Government agencies use the list to ensure that their security arrangements meet the minimum requirements of the PSPF, which is non-negotiable in some departments. Given the level of security required, details of the products included on the SEEPL are not publicly available. Only those considered ‘need-to-know’ can access it.
It’s also worth noting that the SCEC are interested only in the security aspect of the products they assess. They do not consider any other key features or provide any wider form of recommendation.
Why is this level of security important?
In any business, but especially in government agencies, there is a need to protect people, resources, facilities and assets. According to the type of department or nature of the work they do, a low level of physical security may suffice – such as one-factor authentication or a staff escort for visitors. Other agencies may need to multiple access levels for different parts of the building or staff and install dual authentication methods. They may also need a fortified perimeter or specific types of hardware.
Using technology and equipment that is properly certified allows organisations to automate these processes and reduce time spent administrating access policies.
What are the benefits of SEEPL approved products for your organisation?
While certain government agencies are bound by these standards, other organisations with high-security assets may want similar levels of protection. CIC Technology produce two SCEC approved products, including the only key cabinet cleared at Security Level 4 (the highest level). The C.Q.R.iT eXtreme high-security electronic key cabinet L is approved for Security level 3, while the eXtreme T is enhanced for Security Level 4.
To ensure our key cabinets offer the best possible level of protection for your most valuable assets, we include a number of crucial security features in both designs.
To prevent unauthorised users gaining access to your keys, the eXtreme cabinets offer two-factor authentication. This means that anyone opening the cabinet requires two key pieces of information, such as a user ID and a PIN. If they don’t have both, they can’t get in.
Where a key gives access to a particularly confidential resource, you might want to ensure that two members of your staff are present for release. With this function activated, two users must enter their security data before the key is made available.
Electronic key cabinets rely on the transfer of key data to authorise access to approved persons. Naturally, the data they rely on is sensitive, and our cabinets use 256-bit AES encryption to ensure it remains confidential.
Requiring that the same person returns the key adds another level of security in terms of your audit trail. Your employees know that they’ll be held accountable if the key is not returned, and are not allowed to hand it over to someone else without it first going through the key cabinet authorisation system.
Even with watertight access controls, there is still a risk that an intruder could attempt to override security to by physically breaking into the cabinet. At CIC we take steps to ensure this doesn’t happen by including:
- An internal cover plate to hide and protect locking mechanisms.
- A three point locking system on the door itself.
- Internal baffling at cable entry points.
If you know your keys don’t need to be accessed after business hours, you can set your cabinet to lock automatically. This function overrides all other forms of access, which means no one, even approved users, can access the keys until the night lock automatically deactivates. Not only does this protect against intruders, but against concerns within your staff body too. You can set the timings to suit your working day.