Doing it by the book...
Throughout our series of articles, we have identified, and elaborated on, the main security elements (both electronic and physical) that an organisation needs to consider as part of its protection, mitigation and response capability. We now need to bring these disparate factors together. This is generally done in the form of a Security Manual, (or Plan), and it fulfills two main functions.
Firstly, when considering all the various security elements as we carry out a Security Risk Assessment (SRA), we have to decide how they can be maximized, both individually and working alongside each other. Initially we look at everything from a cost saving and a technical perspective and then, in the Security Manual itself, we will collate the information from an operational and procedural perspective. The manual serves to stitch everything together and clearly demonstrates to the user how each security element interacts with another.
Secondly, and once the assimilation of the above has been completed, we must clearly identify how this will be achieved, and who will ensure its implementation. If this second part is not carried out effectively, the manual will be just another document that will sit on a shelf and negate all the hard work done to reach this point! It is only by assigning responsibilities and account abilities to various individuals and departments, will this document become effective. As an example – if a security procedure that has been identified in the manual as important (e.g. securing a high-risk room) is to be carried out effectively, a designated person (e.g. the Security Manager) must identify who will be responsible for completing this action, how this would be checked, and how the check is to be recorded. That this action is done regularly and as per instructions is something that will also need to be overseen. (The Accountability). Generally, accountability checks will not have to be carried out as often as operational checks.
Once a Security Manual has been confirmed and approved by your organisation and the account-abilities of personnel have been approved, there may be a need for your HR department to update employees’ Job Descriptions and Key Performance Indicators (KPIs) to reflect the new responsibilities. All that is left to do now is to implement the manual and make sure it is periodically and effectively audited for regulatory compliance and reviewed and updated as security threats evolve, and accommodate any changes that may occur in your organisation’s business activities.
In the next article will discuss how we can enhance a Security Manual by incorporating safety considerations, and how these factors will often naturally overlap to ensure a more holistic approach.
Anthony J Tesar / CEO / Le Beck International / CEO@LeBeckInternational.com