Independent Security and Risk Advisors
Security BlogRead our latest security insights.

Why we are changing security risk management

Last July, an existing client engaged us to design the security system for a building that was under construction. It is part of a property where we conducted a security risk assessment a few years earlier.

As part of the security design process, we always consider the property’s risk profile. We need to be sure that the design we recommend is appropriate for the building and the local environment.


Without it, we could not be absolutely sure that our design is the right solution.

The client was surprised when we asked to sit down with him to revisit the risk assessment process. “Why do you need to do that?,” he asked. “You guys did the last risk assessment. Nothing has changed”.

In fact, an enormous amount has changed.

I can tell you that when we did the initial risk assessment, hostile vehicle mitigation was not on our radar, at least not for a property like this. It is now. And plenty of other things will have changed –the neighbours, how the property is used, traffic flow, crime rates and the functions of on-site security personnel.

Our security risk management process continues to evolve as the threats that need to be considered change and mature. These might now include things like:

  • active shooter incidents
  • terrorism
  • lock-down and evacuation procedures
  • tenant alert systems and communications
  • standard operating procedures (relative to a heightened risk profile and newly identified risks)
  • security technologies and integration

If there is one constant in our industry is change. We mitigate one risk and others will appear in a new way, or for different reasons. Nothing stays the same and we have never undertaken a security risk assessment that did not identify ways to improve security.

And we speak from considerable experience, having reviewed more than 360 commercial and industrial properties over the past seven years.

I had to explain to our client that a risk assessment is not valid for three years. It’s not even valid for 12 months. It is actually only valid for one day. Once the assessor leaves and can no longer see the property and its local environment, the risk assessment is out of date.

Once the assessor leaves and can no longer see the property and its local environment, the risk assessment is out of date.

If we understand that change is a constant, why do we wait two or three years for our next risk assessment? Probably because the methodology we follow today is regarded as best practice, consistent with current standards and complies with legislative requirements.

That is all very well, but what if a review is needed earlier? Or, what if any change has been minor and does not justify another full review?

Many properties that operate under umbrella organisations like APRA or the Australian federal government’s Protective Security Policy Framework (PSPF) program conduct security risk assessments on properties whether they need them or not. That’s a little illogical in our book, but so is waiting three years for a review if change justifies improvements sooner. A change in risk should be addressed as soon as that change is identified.

A change in risk should be addressed as soon as that change is identified.

We know that the value of security risk management can be improved dramatically by providing clients with new recommendations exactly when they are needed. Like if there is an escalation in the National Terrorism Threat Advisory System, a needle exchange opens around the corner or a business wants to reduce their security staffing levels.

These are the times when the facility and building managers need to understand how the change impacts them and their property. And, what else they might need to do.

In the security industry, much of what we do is based on tradition and accepted best practice. In many ways, we do things because “they have always been done that way”. The industry is by nature, a very conservative one.

This approach is not unique to security. Countless industries have done things the same way for hundreds of years, partly because their methods generally work and people historically resist change. But security-related risks do not just appear in nice neat, three-year cycles. They can evolve over time or appear quite quickly.

Security-related risks do not just appear in nice neat, three-year cycles.

The local, national and global environments are highly fluid and we monitor them very closely. This month we launched something truly unique to assist in the management of security-related risk – RiskDynamyx®.

We believe that RiskDynamyx® is the world’s first dynamic security risk management application for commercial and industrial properties. It is not only logical but one we hope we will re-define security risk management best practice in Australia’s property sector.

By continually monitoring properties using data and analytics, RiskDynamyx® will ensure that security risk assessments are always up to date and the chances of an adverse event are minimised.

It is a very proactive yet incredibly cost-effective way to manage security-related risk.

Let us know what you think of it.  Feel free to email me personally.


Matryx is proud to acknowledge the Aboriginal and Torres Strait Islander Peoples as the Traditional Custodians of the lands, and we pay our respects to Elders past, present and emerging.

© 2024 Matryx Security Consultants | All Rights Reserved