checks and actions that companies can do themselves to mitigate risk
Checks and actions that companies can carry out themselves to mitigate risk, prior to a more extensive internal audit
How to assess the safety and security of your company
We will consider
Why is it important to review the security and safety of your organization?
How to carry out a security check.
Why should you carry out a security and safety survey?
The ultimate purpose of undertaking a security survey is to determine the most cost-effective and practical ways to protect your assets: your people, property and information
If you think of your organization as being like an onion, then the more layers of security protection there are around your core business, the more secure and safe you are likely to be
At the core of the onion is your business or organization, containing all of your assets (property, people and information)
All of the things that are essential to your operation are in the centre of this onion, beneath many protective layers
How do I carry out a security check?
Do not pre-announce or publicize when or where you will be carrying out a security or safety check. If your staff know when it is, then they are likely to deviate from their ‘normal bad habits’
Have floor plans and site diagrams labeled with control systems to help you identify current and potential security and safety risks
Work systematically and thoroughly, using the guide below to help you. You have to ‘think like a criminal’ and spot existing and potential risks and weaknesses in your organization
It is recommended that you record your findings and create an action plan. This plan will state the issue and the safety and security measures and procedures you have installed to mitigate risk
What are the common risks and threats that you should check and consider?
When you review the security of your organisational assets (property, people and information), you need to consider how you control and manage risks
Technological assets
Staff assets
Fixed assets
Premises
Are fences, walls, security and locks on windows and doors secure?
Can perimeters be scaled or breached?
Are the CCTV cameras in good working order?
Who is responsible for the maintenance of security systems in your organization?
Are the alarm systems working?
Are CCTV cameras and alarm systems serviced and tested regularly?
Where is this information recorded?
How easy is it for visitors to access your premises?
Are staff vigilant? Do they know how to report risks?
Are visitors challenged by staff and asked to sign the visitor book and show ID?
Policies and Procedures
Do you have an effective passcode / key policy in place (for locks)?
Do you change electronic door entry codes regularly?
If using locks with physical keys, how effectively does your key usage policy work in action?
Are physical (and virtual) keys stored securely?
What controls are in place and fully working with respect to access to restricted access areas (e.g. mail rooms and server rooms)?
How effective is staff induction and training?
Are staff aware of their security responsibilities (e.g. they have to wear IDs at all times)?
Staff
Are staff following security policies?
Do staff pose security risks such as holding doors open to strangers and lending their passes to others?
Do staff know how to report security issues?
Are security staff trained?
How do you monitor their job performance?
What happens when they spot a potential risk?
How do you vet staff and ensure you are employing the right people?
Technology
How do you back up electronic data?
Is it on site?
Are backups stored separately from main data? Where? How?
How effective are the security arrangements to protect servers?
Who is responsible?
How often do you make adequate backups (so you can recover critical data or information if it is damaged or stolen)?
How well are you protected against viruses, malware or ransomware?
What are the specific threats and risks for your organization?
It is impossible to list all of the risks for every organization
Employing an independent security consultant to review your organization's security and safety is a worthwhile investment.
There are some simple things you can control and manage to mitigate your risk, and reduce the chance of becoming a victim of crime
How can you control and manage safety and security risks?
Any response to minimising risk should be both consistent and appropriate. Companies that excel in mitigating risk plan a sufficient budget to allocate to risk prevention
A senior member of staff is appointed as ‘Security Liaison Manager’
A strict policy is in place for key holders and access arrangements
The company belongs to a Business Watch scheme
You should create a security register, where you can record:
Your assessment findings
Details of any security systems already in place
Alarm systems
List of the key holders
A plan of the premises, labeled with building and door numbers
Your security action plan, detailing what needs to be addressed
How often should you review your facilities, procedures and policies?
These simple checks can be completed once a month
Most companies perform these checks four times a year
A security consultant will be able to advise you on the best course of action
Whilst this article focused on the simple checks you can make yourself, we recommend that you appoint one of our trusted security consultants to independently assess and check security in your organization