I came across an article the other day that discusses how a report writer does not always provide the reader with all the information. For example, a crime may be covered in regards to who was killed, when he was murdered and where it happened. But the aspect of the how and the why is not mentioned. This could be because they may not have that information, or for other reasons have decided not to include this in the report. The former reason got me thinking as to how this is the same with the security risk assessment.
There are many applicants that are looking for an assessing position with my security risk consultancy. They provide me with their CV and sometimes a copy of an assessment they have conducted. The breach of confidentiality and the actual content is often a shocker to me.
Before we review the content, I would just like to discuss the confidentiality issue. These individuals are using previous assessments in a bid to win me over for employment. In other words, to make new business. As a professional and an independent who has been in the security field for over two decades; not even I advertise my previous clients to get new ones. This in itself creates a security risk for the client and this is why confidentiality is vital.
All the assessment reports that I have reviewed by job seekers are extremely limited in content. The document usually consists of a few pages with photographs. They will point out to the client where the risk is and what could be a probable area of risk. It is not explained why it is a risk; how to remedy it or even who needs to make changes to fix this. In this case, it is general that the assessor does not have that information or does not have the necessary knowledge to solve it. The client is not provided with this important information.
Who did the assessment, a salesperson or a risk assessor?
Another regular occurrence is that the assessor will focus more on the what of products that can be used as a remedy. This does not include other methods or items that are not in his inventory that can work in how to fix the problem. Such assessments are what we refer to in the industry as a product assessment. The assessor is simply a salesman from a security company peddling his wares. Sales or service contracts make the money, not the investigation or the assessment. This is provided for free or dirt cheap.
The whole point of the independent security risk assessment is to investigate the site at several levels. This investigation will positively identify and explain all weaknesses within the physical security status. These are points and areas that provide the opportunity for the criminal to commit a crime. Probability is not valid in security risk assessment. To be able to practice proactive crime prevention, these opportunities need to be eliminated or at least minimised.
This is where the second major part of the security risk assessment begins. Active research into the client’s unique security solutions is conducted. The final and extensive report will provide the client with an in-depth security plan. The plan will give the client the necessary security knowledge and know-how. This empowers him to make good security decisions that will effectively deal with his security risk.
Understand that the security risk and threat assessment cannot be covered partially. The client is not always any the wiser if only the what and where is provided to him. He needs all the other information ranging from the HOW, WHY and WHO to be able to benefit in full from the service provided by the independent security risk consultant.
|Tel:||+27 62 341 3419|
|Fax:||086 666 8050|
|Articles:||More information and articles about Alwinco|
© Technews Publishing (Pty) Ltd | All Rights Reserved