Security Risk Assessment – 5 Signs that you may need a second opinion
The accepted best practice for identifying risk is through the undertaking of a security risk assessment.
The risk assessment process is tightly structured to ensure that all visible risk is identified. Once completed, the risk assessment will shine a light on where risks exist, allowing you to put a strategy in place to mitigate those risks.
In fact, a risk assessment should provide the basis for all security measures, practices and processes going forward. If a security measure is not reducing the risk in some way, then chances are it is a waste of time and money.
Our experience tells us that most security design is being undertaken without a security risk assessment preceding it!
So how is it possible to design an appropriate security solution if you don’t fully understand the level of risk in the first place?
We have just completed a risk assessment for a client that is getting into the handing, storage and transporting of high-value consumer items.
By high-value, I mean items that comfortably run into the millions of dollars.
At the end of last year, as a result of an expansion to their business operations, they spent a large amount of money on electronic security. Recently, they asked Matryx to review their security strategy after the implementation of the new security systems did not go as planned.
Initially, their systems and processes all looked perfectly logical, however the more we delved into their new security systems, the more holes we uncovered.
The installing contractor had correctly identified that our client needed to:
- Restrict and control access to the goods and the areas where they were stored;
- Monitor who comes and goes by way of CCTV;
- Secure the storage area with monitored alarms; and
- Accurately record stock movements and transfers.
The problem with this security strategy was that it assumed that all the risk to the business existed externally. That is, the most likely risk of loss was through a break-in or a similar event.
The strategy hadn’t considered at all that the highest level of risk actually existed from within the workplace.
For example, people working on the premises could access the secure area at any time, disable alarms and the CCTV system and walk out the front door with several million dollars of goods concealed in a coat pocket without anyone suspecting a thing.
The risk assessment showed that the client had spent too much money in some areas and not enough in others, which is the risk when risk is not properly evaluated at the start of the process.
This story is by no means unique – we see it all the time. For many businesses they don’t know any better and will heed the advice of whatever their security contractor is telling them.
How do you know if you have the right security strategy in place?
5 Signs that you may need a second opinion:
- When the value of the goods starts to get into the several million dollar range;
- When the goods are highly sought after and would have a high ”street” value;
- That there is a possibility that staff could be harmed in order for others to gain access to these goods;
- That an incident would have serious consequences to the business from either a financial, operational or reputational perspective; and
- If you have any doubts at all about what is being proposed by your service provider.
And don’t forget to ask Why?
Ask for justification on what is being proposed and how it will reduce the risk of incidents occurring.
Especially ask this if the proposed solution is heavily based around CCTV.
If you are in doubt, feel free to call us and ask questions. We won’t try and sell you anything because that’s not what we do. But we will be happy to point you in the right direction and help where we can.
Always challenge what you are being told and ask why.