Security incident reporting systems are used to keep track of thefts, losses, and other types of security events that occur at an organization. Keeping an accurate record of security incidents is an essential part of any good security management program. You can't manage what you don't track.

A good security incident reporting system allows trends, such as the increase in a certain type of crime, to be quickly identified. This allows security resources to be allocated to where they are needed most. A good security incident reporting system can also tell you if security improvements that you have implemented are working well or if additional fine-tuning is needed.

The following are some tips for implementing a good security incident reporting system for your organization:

• Security incidents of all types should be reported and tracked. This should not only include serious events such as major thefts and assaults, but also less serious events such as graffiti and minor vandalism.

• The theft or destruction of personal property owned by employees that occurs in the workplace should also be tracked. This could include something as minor as the theft of an employee's lunch or vandalism to an employee's car in the company parking lot.

• A convenient method of reporting security incidents should be provided. This can be through the use of a written form, or through the use of an on-line form on the company's internal web site. Whatever system is used should be accessible to all employees, not just to supervisors and managers.

• Employees should be trained on how to report security incidents during new employee orientation and during security awareness training sessions. Employees should be frequently reminded of the reporting process and encouraged to report all incidents, no matter how slight.

• All security incidents reported by an employee should be followed-up on by the security manager or other person who manages security for the company. Incidents requiring further investigation should be followed-up on immediately. In addition, a second follow-up should be made approximately thirty days later to provide an update to the employee on what action has been taken by the organization in response to the security incident (even if no positive result was achieved).

• A summary of all security incidents should be compiled and published on a quarterly or semi-annual basis. This document should list security incidents by type and the total dollar value of the losses. This summary should be distributed to all members of the senior management team.

• Most contract security companies have a reporting system that is used by their security officers to report security incidents. In most cases, copies of these reports are made available to the client. While these reports can be a source of useful information, they should not be considered a substitute for the company's own internal incident reporting system as described above.

If you have questions, or need help in developing a security incident reporting system for your facility, please contact us.