checks and actions that companies can do themselves to mitigate risk

CHECKS and ACTIONS that companies can make for themselves to mitigate RISK and prior to a more extensive INTERNAL AUDIT

Upload: ronald-harrison

Post on 15-Apr-2017

Page 1: Checks and Actions That Companies Can Do Themselves To Mitigate Risk

CHECKS and ACTIONS that companies can make for themselves to mitigate RISK and prior to a more extensive INTERNAL AUDIT

How to assess the safety and security of your company

We will consider:

Why is it important to review the security and safety of your organization?

How to carry out a security check.

Why should you carry out a security and safety survey?

The ultimate purpose of undertaking a security survey is to determine the most cost-effective and practical ways to protect your assets: your people, property and information.

If you think of your organization as being like an onion, then the more layers of security protection there are around your core business, the more secure and safe you are likely to be.

At the core of the onion is your business or organization, containing all of your assets (property, people and information).

All of the things that are essential to your operation are in the centre of this onion, beneath many protective layers.

How do I carry out a security check?

Do not pre-announce or publicize when or where you will be carrying out a security or safety check. If your staff know when it is, then they are likely to deviate from their ‘normal bad habits’

Have floor plans and site diagrams labeled with control systems to help you identify current and potential security and safety risks.

Work systematically and thoroughly, using the guide below to help you. You have to ‘think like a criminal’ and spot existing and potential risks and weaknesses in your organization.

It is recommended that you record your findings and create an action plan. This plan will state the issue and the safety and security measures and procedures you have installed to mitigate risk.

What are the common risks and threats that you should check and consider?

When you review the security of your organisational assets (property, people and information), you need to consider how you control and manage risks:

Technological assets

Staff assets

Fixed assets

Premises

Are fences, walls, security and locks on windows and doors secure?

Can perimeters be scaled or breached?

Are the CCTV cameras in good working order?

Who is responsible for the maintenance of security systems in your organization?

Are the alarm systems working?

Are CCTV cameras and alarm systems serviced and tested regularly?

Where is this information recorded?

How easy is it for visitors to access your premises?

Are staff vigilant? Do they know how to report risks?

Are visitors challenged by staff and asked to sign the visitor book and show ID?

Policies and Procedures

Do you have an effective passcode / key policy in place (for locks)?

Do you change electronic door entry codes regularly?

If using locks with physical keys, how effectively does your key usage policy work in action?

Are physical (and virtual) keys stored securely?

What controls are in place and fully working with respect to access to restricted access areas (e.g. mail rooms and server rooms)?

How effective is staff induction and training?

Are staff aware of their security responsibilities (e.g. they have to wear IDs at all times)?

Staff

Are staff following security policies?

Do staff pose security risks such as holding doors open to strangers and lending their passes to others?

Do staff know how to report security issues?

Are security staff trained?

How do you monitor their job performance?

What happens when they spot a potential risk?

How do you vet staff and ensure you are employing the right people?

Technology

How do you back up electronic data?

Is it on site?

Are backups stored separately from main data? Where? How?

How effective are the security arrangements to protect servers?

Who is responsible?

How often do you make adequate backups (so you can recover critical data or information, if it is damaged or stolen)?

How well are you protected against viruses, malware or ransomware?

What are the specific threats and risks for your organization?

It is impossible to list all of the risks for every organization

Employing an independent security consultant to review your organization's security and safety is a worthwhile investment.

There are some simple things you can control and manage to mitigate your risk, and reduce the chance of becoming a victim of crime.

How can you control and manage safety and security risks?

Any response to minimising risk should be both consistent and appropriate. Companies that excel in mitigating risk plan a sufficient budget to allocate to risk prevention.

A senior member of staff is appointed as ‘Security Liaison Manager’

A strict policy is in place for key holders and access arrangements

The company belongs to a Business Watch scheme

You should create a security register, where you can record:

Your assessment findings

Details of any security systems already in place

Alarm systems

List of the key holders

A plan of the premises, labeled with building and door numbers

Your security action plan, detailing what needs to be addressed

How often should you review your facilities, procedures and policies?

These simple checks can be completed once a month

Most companies perform these checks four times a year

A security consultant will be able to advise you on the best course of action

Whilst this article focused on the simple checks you can make yourself, we recommend that you appoint one of our trusted security consultants to independently assess and check security in your organization.

0333 6000 300

www.surelock.org