The same security assessment for different reasons

Issue 7 2020 Editor's Choice

Like everything else in life, a security risk assessment also has two sides: Side A and Side B. Side A is the proactive approach, and Side B is the approach taken ‘after the fact’.

Side A is the approach mostly taken by investors, the owner of a business, or a CEO. These individuals will contact us for an independent security risk assessment in order to understand their security and risks better and to find suitable solutions for the identified risks.

Most of these people will then follow the recommendations in the security risk assessment and implement the solutions to ultimately eliminate the opportunity for crime. In other words, they fix their security before they get caught off guard.

The other approach, Side B, is the approach people take after a crime with devastating effects. This is when they have an axe to grind and want to hold someone accountable for the loss or injury that has occurred.

Essentially, both types of assessments are done in the same way; the focus is to identify the risks and to eliminate these risks with suitable and risk-specific solutions.

In the case of Side B, we just look at the security solutions that should have been implemented to avoid a crime from occurring. The only difference is that the B assessment is requested after a crime-related incident that changed someone’s life for the worse.

It is not the owners of the property or business that request the security risk assessment, but rather the victim’s family or friends. Sometimes these family members will approach an attorney who will then request us to conduct a security risk assessment.

Fixing the unfixable

This type of assessment is mainly focused on finding out what could have been done to prevent a crime from happening. It is aimed at highlighting the things that should have been remedied to eliminate the risk that provided the opportunity for crime. It also focuses on the process that was followed to make security decisions – not only on the hardware.

The goal of highlighting the opportunities for crime is to provide a court with information that somebody is responsible for the security decisions or neglected a security aspect and that this neglect or wrong decision contributed to the occurrence of the crime.

When someone has been attacked at the office or any property has been compromised and someone has been murdered, raped, or kidnapped, and so on, people want to react. They want to know why and how, and they want to know who is responsible.

Think about this for a moment: If a building collapses and people are hurt and killed in the process, who will be blamed? The architect or the engineer. The builders will also be blamed, but remember, they built in accordance with the plan that was given to them. If they prove that they followed the instructions as per the architect, the burden of those lives that have been lost will fall on the architect.

Remember the homework or the research that you did when you wanted to purchase a vehicle? Or when you were looking at purchasing a house? Even purchasing new curtains requires some form of research.

It’s the same with security

What homework or research has been done before you made a security decision? Who has done this homework/research? What information did you use to make your security decisions? That is the type of information that the second type of assessment, approach B, wants to know after a crime has happened.

Eventually, this type of security risk assessment will be handed to the lawyers and will be used in court, or it will be used in some way against the property owner, and/or the decision-makers regarding poor security.

Remember, security hardware alone is not security. Various aspects need to be in place before you can call it security.

While these assessments are predominantly the same , and they will be accompanied by questions such as:

• Where is your risk assessment?

• Who is responsible for security?

• What have you done to eliminate the risks?


Andre Mundell.

The difference comes in at the answering of these questions. The proactive party, Side A, will have the answers to these questions while Side B, the ‘after the fact’ party, will have no answers when a crime has occurred.

The security risk assessment will have all the answers; it will show the processes that were followed, the homework that was done to get to the specific solutions as well as the what, how, and why of security.

In some cases, the reason that the security measures could not be installed at the time will also be provided by the security risk assessment. Remember that people were hurt, and either incurred an injury themselves or lost someone dear to them, and they want to hold someone accountable. They will search far and wide to find the responsible person.

Most of these people ask the questions, but they do not get satisfactory answers, which leads them to us at the end of the day.

Keep in mind that when it comes to certain properties, in accordance with the Health & Safety Act, the business/property owners have a responsibility to do everything in their power to keep the people safe. The homeowner knows who is responsible for security decisions.

‘Should have’, ‘could have’ and ‘would have’ does not undo the crime. Those words cannot change the devastating effects of crime and that is essentially the main difference between a proactive security risk assessment and a security risk assessment that is done after the fact.

Approach A wants a security risk assessment to fix their security in order to be proactive, whereas approach B is to find out who is responsible for bad security decisions.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

What South Africans need to know about smart devices
Technews Publishing Editor's Choice
We live in a world surrounded by smart devices, from our pockets to our driveways and living rooms.

Read more...
From overwhelm to oversight
Editor's Choice Cyber Security Products
Security automation is vital in today’s world, and Microsoft Sentinel is a widely adopted, but complex answer. ContraForce is an easy-to-use add-on that automatically processes, verifies and warns of threats round-the-clock.

Read more...
SMART Surveillance Conference 2023
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Conferences & Events
Some people think the future is all about cloud technologies, but the SMART Surveillance conference demonstrated that AI is making edge surveillance much more attractive, over distributed sites, than ever before.

Read more...
Has your business planned for the worst?
Editor's Choice Cyber Security Security Services & Risk Management
Incident response is a specialised part of security, like a hospital's intensive care unit: IR kicks in when the organisation detects a breach of its systems to stop criminals from doing more damage.

Read more...
Making a difference with human intelligence gathering
Kleyn Change Management Editor's Choice
Eva Nolle believes that woman should stand their ground as they often bring an entirely different skill set to the table, which enhances the overall service delivered.

Read more...
Milestone celebrates women in security
Milestone Systems Technews Publishing Editor's Choice News Conferences & Events
The Milestone Systems’ African team wanted to express their appreciation for the incredible contributions of the women in the security industry and held a breakfast in honour of the hard-working women in the industry on 8 August.

Read more...
Supporting CCTV intelligence with small and big data
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring
The increasing development of AI and its role in enhancing investigation-led surveillance, and the increasing capacity of control rooms and local analysts to deliver data in return, can increase the synergy between intelligence and surveillance.

Read more...
Overcoming resistance to changing your current operating model
Editor's Choice Integrated Solutions
Business survival goes beyond cutting costs and driving efficiency, it’s about using data and technology as strategic assets to develop speed, agility and resilience, keep up with customer demands, beat the competition and grow the business.

Read more...
The road to Zero Trust not necessarily paved with gold
Editor's Choice Access Control & Identity Management Cyber Security
Paul Meyer says that while Zero Trust must be the goal, there are a few potholes to navigate on the journey. Here he expands on these caveats, but also exposes the greatest ally of Zero Trust.

Read more...
More agile, flexible access management
ASSA ABLOY South Africa Editor's Choice Access Control & Identity Management
Tim Timmins from ASSA ABLOY Opening Solutions examines the growing shift towards cloud access management. How can organisations benefit, and what should they look for when choosing a cloud access control solution?

Read more...