With the end of the year fast approaching it is the perfect time to look back and reflect on what has happened in your organisation and see what has gone well, and, possibly, not so well. I truly hope that it is mostly the former rather than the latter…but if not, let’s recap some of the security topics that we have discussed and evaluate them.
The first subject we covered, and the most fundamental in establishing a robust and effective security strategy is the Security Risk Assessment (SRA). As we move into a new year it is always prudent to undertake an assessment to identify any changes in the threats and risks to your organisation, and thereby establish if what is in place is sufficient and effective.
Depending on the findings of the SRA, you may need an update to the Security and Safety Plan (SSP) to make sure it accurately reflects the changes that have been identified. Ensure that the main three areas of Physical Security have been reviewed to include the personnel (internal and external), the hardware (CCTV, Access Control, Intruder Detection Systems and the Control Rooms) and the infrastructure (perimeters, entry points, doors, windows and building materials). All need to be reviewed and tweaked where applicable.
Making sure all this is tied together you must make sure that the personnel leading on the Organisational Security structure are properly trained, educated and equipped to manage all the various systems in place. They also need to be aware of any changes to their responsibilities and therefore what they are accountable for in the year ahead. No emergency, or crisis, will be handled effectively, regardless of the money spent on security, if the people responsible for managing it are not able to respond quickly and confidently.
Hopefully your organisation will not have experienced any major crisis event, but there will be several that have. Ensuring your Crisis Management, Business Continuity and Disaster Recovery Plans are regularly tested will mean that they are fit for purpose.
If there is a need to enhance existing systems or hardware, I have given you some pointers on preparing and executing Requests for Proposals that will provide a basic checklist of items to include and/or consider as part of the tender process.
I am conscious that every organisation is different and that each will have its own risks and threats. A ‘one-size-fits-all’ approach rarely works and, from personal experience, will cost more than is necessary, and/or provide additional measure that are not required, or, even worse, not enough measures!
I hope that the advice I have given you over that last few months has helped in some small way to better secure your organisation. This just leaves me to wish you all a safe, secure and prosperous 2020.