What is a Security Risk Assessment, Anyway?
Any good security professional will tell you that every organization should perform a security risk assessment. The excellent ones, like us, will insist that the security risk assessment is the required first step in developing a security program. But what does that mean, exactly? And, why do you need one?
In order to stay fully operational and be able to carry out your mission, whether it be to increase profits, educate children, care for the sick or disadvantaged, or to care for your house of worship, an organization must be able to protect what is important and be prepared for the worst. Or, as we like to say here at ORS you must be able to protect from, prepare for, respond to, and recover from bad things that could happen. This is why our clients rely on ORS’ team of security experts to conduct their security risk assessments.
The first step should be an Entrance Conference with key leaders and stakeholders to discuss the assessment process in detail, agree on deliverables, establish a schedule for the project, and identify key personnel that are needed for access to required information and also identify those needed to be interviewed. In short, the entire process is collaborative and transparent and the Entrance Conference is a vital first step in meeting that goal.
Next is the assessment itself. A comprehensive assessment of threats and vulnerabilities applicable to your organization can be intense and quite exhaustive. Every assessment is tailored to the organization but here are some of the common key tasks you should expect your security specialist to perform when performing a truly comprehensive assessment:
A detailed review of safety and security policies, processes and procedures at all locations
A compliance audit comparing current practices to security requirements or best practices within your industry
A demographic analysis of the criminal activity and registered sex offenders in an immediate area
An evaluation of the use and effectiveness of electronic security systems
An evaluation of your physical security policy and procedural documents in comparison to best practices and industry standards
A review and analysis of security personnel and their practices at all locations
A Guard Force Audit to determine most effective and efficient staffing model and patrol procedures, as well as specific post orders required
A review the use of fencing, shrubbery, clear zones, security lighting and other physical and psychological barriers, through application of Crime Prevention Through Environmental Design (CPTED) standards
In some larger organization, an experienced security practitioner will also analyze your organization’s travel safety and security protocols. Some organizations need an Executive Protection program to ensure the safety and security of their chief executive and other senior managers in the organization. In those case, an analysis of executive protection policies and training requirements for those assigned to executive protection team is crucial.
At the end of the assessment, you should expect a second conference with all leaders and stakeholders to go over the results. Your security specialist should also, at the very least, provide a final report identifying any key vulnerabilities found and recommending corrective action. This report should be detailed and not just offer suggestions for improvement but also offer realistic solutions that are consistent with the organization’s operation, budget, and culture. Since every organization is unique, you need unique solutions. The job of an experienced security professional is to identify those solutions for you and assist you in implementing them.
If you have questions about security assessments or need assistance in evaluating your organization’s security and safety practices, we’re here to help. Call us any time at (850) 629-9677 or email us at email@example.com