The same security assessment for different reasons

Issue 7 2020 Editor's Choice

Like everything else in life, a security risk assessment also has two sides: Side A and Side B. Side A is the proactive approach, and Side B is the approach taken ‘after the fact’.

Side A is the approach mostly taken by investors, the owner of a business, or a CEO. These individuals will contact us for an independent security risk assessment in order to understand their security and risks better and to find suitable solutions for the identified risks.

Most of these people will then follow the recommendations in the security risk assessment and implement the solutions to ultimately eliminate the opportunity for crime. In other words, they fix their security before they get caught off guard.

The other approach, Side B, is the approach people take after a crime with devastating effects. This is when they have an axe to grind and want to hold someone accountable for the loss or injury that has occurred.

Essentially, both types of assessments are done in the same way; the focus is to identify the risks and to eliminate these risks with suitable and risk-specific solutions.

In the case of Side B, we just look at the security solutions that should have been implemented to avoid a crime from occurring. The only difference is that the B assessment is requested after a crime-related incident that changed someone’s life for the worse.

It is not the owners of the property or business that request the security risk assessment, but rather the victim’s family or friends. Sometimes these family members will approach an attorney who will then request us to conduct a security risk assessment.

Fixing the unfixable

This type of assessment is mainly focused on finding out what could have been done to prevent a crime from happening. It is aimed at highlighting the things that should have been remedied to eliminate the risk that provided the opportunity for crime. It also focuses on the process that was followed to make security decisions – not only on the hardware.

The goal of highlighting the opportunities for crime is to provide a court with information that somebody is responsible for the security decisions or neglected a security aspect and that this neglect or wrong decision contributed to the occurrence of the crime.

When someone has been attacked at the office or any property has been compromised and someone has been murdered, raped, or kidnapped, and so on, people want to react. They want to know why and how, and they want to know who is responsible.

Think about this for a moment: If a building collapses and people are hurt and killed in the process, who will be blamed? The architect or the engineer. The builders will also be blamed, but remember, they built in accordance with the plan that was given to them. If they prove that they followed the instructions as per the architect, the burden of those lives that have been lost will fall on the architect.

Remember the homework or the research that you did when you wanted to purchase a vehicle? Or when you were looking at purchasing a house? Even purchasing new curtains requires some form of research.

It’s the same with security

What homework or research has been done before you made a security decision? Who has done this homework/research? What information did you use to make your security decisions? That is the type of information that the second type of assessment, approach B, wants to know after a crime has happened.

Eventually, this type of security risk assessment will be handed to the lawyers and will be used in court, or it will be used in some way against the property owner, and/or the decision-makers regarding poor security.

Remember, security hardware alone is not security. Various aspects need to be in place before you can call it security.

While these assessments are predominantly the same , and they will be accompanied by questions such as:

• Where is your risk assessment?

• Who is responsible for security?

• What have you done to eliminate the risks?


Andre Mundell.

The difference comes in at the answering of these questions. The proactive party, Side A, will have the answers to these questions while Side B, the ‘after the fact’ party, will have no answers when a crime has occurred.

The security risk assessment will have all the answers; it will show the processes that were followed, the homework that was done to get to the specific solutions as well as the what, how, and why of security.

In some cases, the reason that the security measures could not be installed at the time will also be provided by the security risk assessment. Remember that people were hurt, and either incurred an injury themselves or lost someone dear to them, and they want to hold someone accountable. They will search far and wide to find the responsible person.

Most of these people ask the questions, but they do not get satisfactory answers, which leads them to us at the end of the day.

Keep in mind that when it comes to certain properties, in accordance with the Health & Safety Act, the business/property owners have a responsibility to do everything in their power to keep the people safe. The homeowner knows who is responsible for security decisions.

‘Should have’, ‘could have’ and ‘would have’ does not undo the crime. Those words cannot change the devastating effects of crime and that is essentially the main difference between a proactive security risk assessment and a security risk assessment that is done after the fact.

Approach A wants a security risk assessment to fix their security in order to be proactive, whereas approach B is to find out who is responsible for bad security decisions.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk intelligence the key to a sustainable future
Issue 7 2020 , Editor's Choice
Only by building risk intelligent organisations will leaders be able to overcome six distinct global threats identified by the Institute of Risk Management South Africa (IRMSA).

Read more...
Profile D for access control peripherals
Issue 7 2020 , Editor's Choice
Profile D provides interoperability for devices such as locks, credential/biometric readers, PIN pads, LPR cameras, door phones, sensors and displays.

Read more...
Security investments and culture
Issue 7 2020 , Editor's Choice
Organisations must embed security into the culture of the company and approach security investments with this culture in mind.

Read more...
Elastic storage pricing
Issue 7 2020 , Editor's Choice
With elastic pricing, users can switch from one storage model to another without having to pay a premium or a penalty, and without having to physically move any data.

Read more...
Use technology as a differentiator
Issue 7 2020 , Editor's Choice
Juni Yan, director of Transport, Logistics and Automotive at BT, shares her insights on how logistics companies can leverage digital transformation to become a real market differentiator – no matter the state of the pandemic.

Read more...
Management of PPE allocation made simple
Issue 7 2020, Powell Tronics, Technews Publishing , Editor's Choice
Of all the roadblocks and challenges COVID-19 has introduced us to over the past few months, one of the tasks organisations have to manage is the issuing of PPE to staff.

Read more...
Robots in warehousing and freight, a security perspective
Issue 7 2020, FSK Electronics , Editor's Choice
The logistics industry needs support from technology to meet its ongoing demands and ongoing security concerns.

Read more...
The new training normal
Issue 7 2020, Leaderware , Editor's Choice
Insights from running my first CCTV Surveillance Skills and Body Language and Advanced courses at physical training venues since COVID-19 started.

Read more...
An exciting journey in security
Issue 7 2020, Technews Publishing, BTC Training Africa , Editor's Choice
Errol Peace describes his 40-plus year career in the security industry where he was and is a great proponent of training as an “exceptionally exciting journey”.

Read more...
Secure by default
Issue 7 2020, Axis Communications SA, CA Southern Africa , Editor's Choice
A Secure by Default strategy means taking an holistic approach to solving security problems at the root cause, rather than treating the symptoms of a cybersecurity defect.

Read more...