Many security managers are so caught up in their day-to-day work that they sometimes lose sight of what exactly the purpose of their company security plan is.
Many security plans have simply been “assembled” over time, with new procedures often added to address specific security issues that have arisen.
In many cases, the security manager has inherited a security plan designed by his predecessor and may not know why many of the procedures were instituted in the first place.
At least once a year, the security manager should interrupt and objectively re-evaluate the company’s security plan. Some of the questions to ask include:
- Which assets of the company (human resources, equipment, information, etc.) are the most important for protection?
- What are our biggest threats?
- What would be our “worst nightmare”?
- What do senior management and our employees expect from the security plan?
- If our security plan could only achieve one thing, what would it be?
- What are the limitations of our current security plan? Are these constraints understood by employees and management?
- Does our security plan focus on protecting our most important assets?
- Do our security procedures and systems meet the current level of risk facing the company?
- How can this security plan be improved?
If it has been a long time since a full security plan assessment was conducted, it is necessary to conduct a formal “security assessment” which is a structured process for analyzing a company’s security plan.
Although a security assessment can be performed by the security officer, it is often helpful to use an external security consultant to conduct the security assessment. A good security consultant has extensive experience in conducting security assessments and will provide an unbiased external opinion.
Senior executives are often more willing to follow the recommendations of an outside consultant than to follow the recommendations of the internal security manager.
A formal security assessment should be performed at least once every three years. Other cases in which a security assessment must be performed are:
- When major installation renovations are considered.
- When a new installation is planned.
- When the company plans a significant increase in human resources.
- When the company enters a new business line.
- When the body is going to shrink or restructure.
- After a major safety incident or significant loss.