With 30 years of experience in risk assessment and emergency planning at multiple levels, Chris Wise offers a unique perspective on physical security planning and technology implementation. He is the co-founder of Invictus Consulting, LLC and has served on several security-related advisory committees.
From simple locked doors to elaborate military bases, each security system should be preceded by a detailed plan of its construction. As for organizations, protecting them and their stakeholders means identifying the risks that may potentially impede their efficiency.
Security planning is not the same as crisis management planning, with the latter being much wider in scope. Crisis management planning (CMP) takes into account all the aspects of an organization and falls under the category of business impact analysis. On the other hand, physical security planning is more specific and is tailored towards individual areas of a business and its facilities. It exclusively addresses areas of heightened physical damage risk.
Security strategy should always be preceded by a risk assessment. Based on these thorough assessments, decisions are made regarding which unit’s potential risk justifies the money needed to strengthen that unit’s security.
With physical security, risk assessments generally include the physical characteristics of the environment, with building details being the most notable. Every particularity about the building’s construction, however small in scale, is a potential liability and is taken into account during the risk assessment. Staff interviews should also be included in the assessment to detect their level of awareness concerning potential risks and mitigation tactics. Once the full assessment is performed, the information is sent to the stakeholders with recommendations on how to protect vulnerable aspects of the system.
The Question of Budget
Physical security budgeting factors include:
- The totality of an environment
- Building location and size
- High-risk assets or targets (including people)
- Intangibilities (i.e. research)
Given that each environment’s stakeholders operate in a unique manner, the cost structure and the security technology that is to be implemented will vary from organization to organization. With aesthetics in mind, stakeholders often believe that the implemented technology should not impede on the architecture. In cases such as this, it is the stakeholders’ responsibility to account and budget for security standards that may be sacrificed for the sake of preserving the building’s aesthetics.
Risk assessments, security planning and implementation technology combine to create an intricate web that provides effective protection for the organization.