Throughout our series of articles, we have identified and elaborated on the main security elements (both electronic and physical) that an organisation needs to consider as part of its protection, mitigation and response capability.
We now need to bring these disparate factors together.
This is generally done in the form of a security manual, or plan, and it fulfils two main functions.
Firstly, when considering all the various security elements as we carry out a Security Risk Assessment (SRA), we have to decide how they can be maximised, both individually and working alongside each other.
Initially, we look at everything from a cost-saving and a technical perspective and then, in the security manual itself, we will collate the information from an operational and procedural perspective.
The manual serves to stitch everything together and clearly demonstrates to the user how each security element interacts with another.
Secondly, and once the assimilation of the above has been completed, we must clearly identify how this will be achieved – and who will ensure its implementation.
If this second part is not carried out effectively, the manual will just be another document that will sit on a shelf and negate all the hard work done to reach this point.
It is only by assigning responsibilities and accountabilities to various individuals and departments that this document becomes effective.
As an example, if a security procedure that has been identified in the manual as important (such as securing a high-risk room) is to be carried out effectively, a designated person (like the security manager) must identify who will be responsible for completing this action, how this will be checked and how the check is to be recorded.
Whether this action is done regularly and as per instructions will also need to be overseen.
Generally, accountability checks will not have to be carried out as often as operational checks.
Once a security manual has been confirmed and approved by your organisation and the accountabilities of personnel have been approved, there may be a need for your human resources department to update employees’ job descriptions and Key Performance Indicators (KPIs) to reflect the new responsibilities.
All that is left to do now is to implement the manual and make sure it is periodically and effectively audited for regulatory compliance, and reviewed and updated as security threats evolve and to accommodate any changes that may occur in your organisation’s business activities.
Le Beck CEO Anthony Tesar can be reached on CEO@lebeckinternational.com