Independent Expert Design Validation
A peer review of security design — whether produced by a client's own team, a consultant, an MEP practice, or a vendor — conducted by an independent expert with no relationship to the design team, no affiliation with any OEM, and no interest in any particular outcome other than whether the design actually works.
Security designs are frequently reviewed only by those who created them
A design produced by an in-house team is reviewed by that team. A design produced by a consultant or MEP practice is reviewed by that practice. A design produced by a vendor or OEM is reviewed — and often written — by the vendor. In each case, the review is conducted by someone with a structural interest in the design being approved, not rejected.
Independent Expert Design Validation introduces a genuinely separate perspective — a senior practitioner with no relationship to the design team, no commercial tie to any product or system, and no brief other than to assess whether the design meets its stated security objectives. The result is a structured peer review: technically rigorous, clearly communicated, and actionable before a single installation decision is made.
We review designs at any stage — from early concept through to detailed specification — and across the full security systems scope as a single integrated engagement, not a series of disconnected system-by-system reviews.
The most expensive time to find a design flaw is after installation. The second most expensive is during procurement. Independent validation exists to find those flaws at the only point in the project lifecycle where fixing them costs nothing except the decision to do so.
Three reasons clients commission validation
Independence
We have no relationship with the design team, no affiliation with any OEM or system integrator, and no interest in the procurement outcome. Our review is based solely on whether the design meets its stated security brief — nothing else influences the findings.
Breadth
Security systems do not operate in isolation — access control, CCTV, intrusion detection, visitor management, and perimeter protection must work as an integrated whole. We review the full security design as a single engagement, assessing integration as well as individual system performance.
Timeliness
Design validation has its highest value before procurement and installation decisions are made. We engage at whatever stage the client is at — but the earlier the review, the lower the cost of acting on its findings. Design flaws caught on paper cost nothing to fix.
OEM-written specifications that favour the OEM
It is standard practice in the security industry for vendors, OEMs, and system integrators to produce or heavily influence the technical specifications that are then used to procure the very systems they supply. The specification is written in language that, by design, only their product can satisfy — locking the client into a procurement outcome that was determined before any competitive process began.
Clients are often unaware this has occurred. The specification looks comprehensive and technically detailed. It references industry standards. It appears to be objective. But embedded within it are proprietary requirements, non-standard protocols, or performance thresholds calibrated specifically to exclude alternative products. By the time the issue is visible, the design has been approved, the procurement has been awarded, and the leverage to challenge it is gone.
What independent validation catches
We read specifications with the specific question of whether they are genuinely open to competitive procurement or whether they have been structured to favour a particular vendor outcome. Where proprietary language, non-standard requirements, or suspiciously specific performance thresholds appear, we flag them — before commitment is made.
Why this matters beyond cost
OEM-locked specifications do not just limit competition and inflate cost — they also prevent the client from selecting the system that is genuinely best suited to their security requirements. The outcome is a security design that serves the vendor's commercial interests, not the client's security objectives.
Our position
We have no commercial relationship with any OEM, vendor, or system integrator. We are not a reseller, a certified partner, or a preferred supplier of any platform. Our review of a specification is conducted entirely from the client's perspective — asking only whether it delivers what the security brief requires.
What we review
Design validation can be commissioned for a single system or across the full integrated security design. The following represent the core scope areas.
Physical Security Design
Site and campus security layouts, perimeter design, access point configuration, security zoning, and the physical security measures proposed across the estate — reviewed against the stated threat and vulnerability profile and applicable design standards.
Access Control System Design
Architecture and specification of access control systems — door controllers, readers, credential management, integration with HR systems, visitor management, and the security logic governing access rights and audit trail requirements. OEM-specification bias is a particular concern in this area.
CCTV & Surveillance Design
Camera placement and coverage modelling, resolution and field-of-view specifications, recording and retention architecture, analytics requirements, and the integration between CCTV and other security systems — including whether coverage claims in the design actually hold under the specified conditions.
Perimeter Security & HVM Design
Perimeter protection specifications, hostile vehicle mitigation design, and the integration between physical barriers and electronic security systems — reviewed against the threat assessment and relevant standards including CPNI guidance and IWA/PAS/ASTM performance requirements.
Blast Mitigation Design
Where blast mitigation measures have been specified, independent review of whether the specified measures are proportionate to the assessed threat, correctly specified against applicable standards (UFC, ASCE, ISO), and integrated appropriately with the wider structural and security design.
Systems Integration & Architecture
The integration architecture connecting all security systems — protocols, interfaces, data flows, and the control room or SOC design that sits at the centre. Integration failures are the most common source of security performance gaps in otherwise well-specified designs.
What validation typically finds
Most designs reviewed through independent validation have at least one material finding. The following are the issues we identify most consistently.
Design does not meet the stated security brief
The most fundamental finding — a design that, when tested against the brief it was commissioned to address, does not deliver the protection level specified. This occurs most often when the design has been produced by a team with technical competence but limited security advisory experience, or when the brief itself was poorly defined at the outset.
Over-engineering — disproportionate to the actual threat
Designs that specify a higher level of protection than the assessed threat warrants — inflating cost and complexity without a corresponding security benefit. Over-engineering is frequently the result of vendor influence, risk-averse design culture, or the absence of a formal threat assessment to calibrate the design against.
Value engineering that has compromised security intent
Where cost reduction has been applied to the security design without independent assessment of whether the reductions are security-neutral. Value engineering decisions made by quantity surveyors, project managers, or contractors without security expertise frequently remove measures that appear non-essential but are functionally critical.
OEM-biased specifications locking procurement
Specifications written by or in close collaboration with a specific vendor — containing proprietary requirements, non-standard protocols, or performance thresholds that structurally exclude alternative products from competitive procurement. Clients are often unaware this has occurred until independent review identifies it.
Integration failures between security systems
Designs where individual systems are specified competently but the interfaces between them — access control to CCTV, intrusion detection to command and control, visitor management to access rights — are underspecified or incompatible. Integration gaps are the most common source of operational security failures in commissioned systems.
Under-design — insufficient coverage or protection
Designs that simply do not provide adequate security coverage for the environment — whether through insufficient CCTV coverage, inadequate access control zoning, perimeter gaps, or the absence of systems that the threat profile requires. Under-design frequently goes undetected because no independent party has tested the design against the brief.
Validation deliverables
The validation engagement concludes with a structured set of outputs designed to be immediately actionable by the design team, the client, and where relevant, the approving authority.
Written Validation Report
A structured, system-by-system assessment of the design against the stated security brief and applicable standards. Findings are clearly categorised, evidence-referenced, and presented in a format suitable for use by the design team, the client, and any approving authority or regulator.
Marked-Up Drawings
Where specific drawing-level comments are required, we return marked-up versions of the submitted design documents with annotations identifying the precise location and nature of each finding. This provides the design team with unambiguous, directly actionable feedback without the need for interpretation.
Compliant / Conditional / Non-Compliant Rating
Each system and design element receives a clear status rating: Compliant (meets the brief without qualification), Conditional (meets the brief subject to specified amendments), or Non-Compliant (does not meet the brief and requires redesign). This provides the client and design team with an unambiguous picture of where action is required.
Who commissions this service
Design validation is commissioned by anyone with a legitimate interest in knowing whether a security design actually works — before money is spent building it.
Client / Asset Owner
Clients who have commissioned a security design from a consultant, MEP practice, or vendor and want independent confirmation that the design meets their security objectives — before procurement, before installation, and before the window to act on findings closes.
Tenant Taking Occupation
Tenants about to take a facility for office or similar use who wish to understand whether the security design of the premises — as built or as proposed — is adequate for the tenant’s own safety requirements, the regulatory standards of their industry, and the security expectations of their clients.
Lender, Insurer or Regulator
When a lender, insurer, or regulator makes independent approval of a security design a prerequisite for financing, coverage, or regulatory clearance, a formal validation process supplies the objective, third‑party assurance that self‑certification simply cannot provide.
Commission an independent design review
If you have a security design that needs independent peer review — whether produced by a consultant, an in-house team, or a vendor — we will assess it against your stated brief and tell you clearly what it gets right, what it does not, and what needs to change before you commit to building it.
Initial conversations are obligation-free. Share the design scope and we will confirm what a validation engagement would involve, how long it would take, and what it would cost.