Companies face greater and greater challenges every year as they address potential and actual losses from theft, terrorism, and natural disasters. As the threats have increased, many savvy business managers have begun to come to terms with the consequences of not being proactive in addressing these threats. A thorough security survey, conducted as part of a larger risk assessment, will be any business manager’s most valued asset when addressing these potential sources of loss.
Prior to beginning a security survey, companies will need to identify and have a clear understanding of exactly what needs to be protected. The assets that most companies are looking to protect consist of their employees, customers, facilities, and proprietary information. Because every company is different, the particular threats that each faces will be different and also have varying levels of criticality.
Criticality is a risk management concept that refers to the impact that the loss of a particular asset will have on the business as a whole. The criticality of any asset should be based on more than just the cost of replacement. It should also take into account the cost of putting temporary assets in place, cost of downtime, and increases in insurance rates. The process of defining criticality is usually done during a Business Impact Analysis.
Once the questions of what needs to be protected are answered, a thorough security survey can be conducted. The security survey will be the foundation for designing a security plan to address the company’s physical security requirements.
The Security Survey
A security survey is a comprehensive analysis of a company’s premises, systems, and procedures. There are three primary objectives for performing a security survey:
- Measuring the security that is currently in place;
- Identifying and quantifying any weaknesses in the current security plan;
- Determining the degree of protection required.
After the security survey is complete, there should be enough information to make recommendations for improving the current security program. Conducting a security survey should only be performed by professionals who have extensive training and experience in performing these surveys.
Again, since no two facilities are the same, no particular survey format will be able to cover every facility type. We have included a survey (ORC Security Survey v2.0) as an example of what one might look like.
The security survey is great tool that should be part of any company’s security program. But it should not be confused with the overall risk assessment that company’s should be conducting and/or evaluating regularly.
This post only touches on some of the most basic concepts associated with risk assessments. Do you have other resources that companies should reference when trying to learn about risk management? What should companies look for when trying to find professionals to conduct security surveys? Please leave your comments below, we would love to hear from you.
By Courtney Sparkman