Evaluating Your Security Program
Many security managers are so caught up in their daily jobs that they sometimes lose track of just exactly what the purpose of their company's security program is.
Many security programs have simply been "pieced together" over time, with new security procedures often added to address specific security problems that have occurred over the years.
In many cases, the security manager has inherited a security program that was designed by his or her predecessor, and may not know the reason why many of security procedures being followed were instituted in the first place.
At least once a year, the security manager should pause and objectively reevaluate the company security program. Some of the questions to be asked include:
What company assets (people, property, information) are the most important to protect?
What are our greatest threats?
Who are our most likely attackers?
What would be our "worst nightmare"?
What do senior management and our employees expect from the security program?
If our security program could accomplish only one thing, what would it be?
What are the limitations of our present security program? Are this limitations understood by employees and management?
Does our security program focus on protecting our most important assets?
Are our security procedures and systems responsive to the current level of risk faced by the company?
How can the present security program be improved?
If it has been a long time since a complete evaluation of the security program has been conducted, it is often helpful to conduct a formal "security assessment". The "security assessment" is a structured process for analyzing a company's security program.
Although the security assessment can be conducted by the security manager, it is often beneficial to use an outside security consultant to conduct the security assessment. A good security consultant has extensive experience in conducting security assessments and can offer an unbiased outside opinion.
Often, senior management will be more inclined to implement recommendations made by an outside consultant than they would be to implement recommendations made by the security manager.
A formal security assessment should be conducted at least once every three years. Other times when a security assessment should be considered are:
When a major facility renovations are being considered.
When a new facility is being designed.
When the company is planning a significant increase in the work force.
When the company is entering a new line of business.
When the organization is about to go through downsizing or restructuring.
After a significant security incident or major loss has occurred.
For more information, please see Physical Security Assessments.
Like this article?
Visit our Security Tips page for more than 75 additional articles on a variety of topics related to physical security
Follow us on Twitter to be notified when new Security Tips are published
Did You Know?
Silva Consultants is an independent security consulting firm and does not sell security equipment or products
Silva Consultants can assist you in the design and planning of an effective security program and in the selection of security products and services
Please contact us for further assistance
Thinking about becoming an independent security consultant yourself?
Buy Michael A. Silva's book on Amazon
"Becoming an Independent Security Consultant – A Practical Guide to Starting and Running a Successful Security Consulting Practice"
Published May, 2016