The planning of security requires an understanding of not only the threat but also how it might affect the organisation from a financial and operational perspective. The challenge in the planning process is the ability to integrate physical and procedural security measures with cultural and business expectations in terms of the working environment and aesthetic appeal as well as remaining compliant with the appropriate standards.
With current threats and the changing risk environment as well as the possibility of regulatory sanctions the previously held inclination towards risk acceptance or feigned ignorance of security issues is less acceptable. Consequently, there is an increased expectancy that security be included as a part of planning new projects and in the management of existing facilities. This expectancy drives an increased co-operation between designers, planners, facility managers and security experts, which means that physical, procedural and electronic security measures are much less obtrusive than in the past and early dialogue can identify the most effective and acceptable solutions.
The nature of the organisation and the sector in which it operates will define both the potential threats and the attitude and approach to security and the way it should be delivered. It will also identify the need to comply with regulatory requirements and ensure that organisation and operational imperatives are addressed. An independent security consultant is ideally placed to assess how security might impact upon the day-to-day operation of the site and the ability of the infrastructure to support security solutions. Whatever the sector or company, however, it may be helpful to adopt a common and scalable approach to the identification and management of risk with the basic elements described below.
One way to ensure the organisation’s assets are adequately protected from loss is to assess the type and extent of potential threats to understand the level of security required. It is advisable to use this as the foundation upon which to formulate the security strategy and establish the most suitable approach.
An assessment of the building’s existing security measures, through a survey, will determine the vulnerability to the threats that have already been identified. This will provide an indication of the extent to which security already mitigates the threat.
Analysis of the potential threats and risks will provide an indication of the strategies that should be put in place to manage the risk, based upon the probability and impact of the threat coming to fruition.
Risk management is concerned with the treatment of risks to reduce the probability of them materialising and/or their impact. A risk managed approach to security implies a detailed understanding of the risks faced and the application of proportionate and appropriate mitigation measures. This contrasts with the blanket application of standard security measures with no consideration of local context.
Security issues should be managed and reviewed through a process of audits, inspections and reviews.
Any changes that may arise because of an alteration to the organisation’s threat profile will require key stakeholders to be consulted. This will initiate the other aspects of the process that should be considered as part of security planning.
The design of security systems and the quality will depend upon the standards to be applied. Specific sectors and particularly those working to or in support of the government domain, will be required to meet pre-determined standards in physical and technical security systems. They will have been assessed against the threats and the ability to resist forcible and surreptitious attack. These standards will establish the key design and installation features and determine the performance criteria they should be able to meet. It is important to check the latest security standards, as these are reviewed periodically, to ensure that you’re applying the most up to date version.
Security planning is an ongoing management activity that requires regular review to ensure that it remains relevant to the threat, building roles, organisation and operations. The security manager will recognise the changes in building management that may initiate the need for a review in security. They will be able to advise the organisation that its operation may be vulnerable and where aspects of security may need to be reviewed.
Security plans should be included within the business operational planning and management process and be continuously monitored and reviewed as appropriate. Security plans should be reviewed periodically in response to changes in the threat, market position and operational approaches; all of which may change the organisation’s risk profile and vulnerability. The extent of the review will be influenced by the extent and depth of change however, the entire security profile should be examined periodically to ensure that standards are maintained, and systems are fit for role. Periods between reviews can be based upon the importance of the site and the operations it supports and prioritised accordingly. Whatever the case, security plans should be reviewed at least on an annual basis.
Ownership of the Security Plans should be defined as part of this process and should sit at the most appropriate level of the host organisation depending upon the potential risk to business. This could mean that a main board director has the key responsibility but wherever the responsibility lies it is essential to identify that individual and thus define ownership as well as operational and reporting responsibilities.
Martyn's Law, honouring Martyn Hett, will boost UK venue security by requiring tailored protective measures to better prepare for and respond to terrorist attacks.