Security Risk Assessment Process
Protection Management, LLC customizes our Security Risk Assessments for each client, as we understand that each client has individual needs that are unique to their operations. Our practice is to follow industry best practices and established industry standards and guidelines as much as possible, as we feel that these are proven methods and can offer the most protection for the client.
Our Security Risk Assessments Typically Include The Following
- Crime Prevention
- General Security
- Physical Security
- Regulatory Compliance
- Security Operations
- Security Technology
- Review of campus/property crime prevention measures
- Review of property for signs of criminal activity (e.g. gangs, drugs, homeless camps…)
- Comprehensive analysis of crime data including security incident reports, crime statistics, police response data, loss history, and crime forecasting reports as applicable.
- Recommendations for security improvements based on Best Practices and proven industry standards
- Preparation of written Security Risk Assessment Report which will include an electronic version and the recommendations in MS word format for easy tracking of changes
- Review for compliance of CPTED (Crime Prevention Through Environmental Design)
- Risk identification and analysis
- Threat and vulnerability assessment
- Recommendations listed in order of priority
- Information on the “Next Steps” to mitigate any identified issues
- Review of property and building security measures
- Review of site landscaping for vulnerabilities and risks
- Review of Key Controls and locking systems
- Review for compliance of security requirements that are specific to your industry or location which may include – Joint Commission; DNV; NFPA; OSHA; HIPAA (Health Insurance Portability and Accountability Act; Clery Act; and security requirements imposed by state or municipal regulatory agencies.
- Assessment of existing security program to ascertain any identified operational issues, program inefficiencies or vulnerabilities
- Review of security management plan/program
- Review of security management
- Review of security personnel
- Review of security policies and procedures
- Review of security post orders
- Review of security incident statistics and outcomes
- Review of security training
- Review of security staffing levels
- Review of electronic security systems (CCTV, alarms, intercoms, radios, card access control….)
- Review of automated lock-down systems and/or Mass Notification systems
- Review of exterior lighting levels
Additional services or reviews are available upon request. Our Project Scope is always defined with your input.
The Security Risk Assessment Process
What you should expect from us when you retain our services and what we need from your organization as part of the Security Risk Assessment Process.
- Depending on the size of the organization and the project’s scope, the full assessment may require 2-5 days.
- Upon approval of the Project Scope and the proposal we will request a number of policies and reports for review prior to the actual site visit. We will also use those documents during and after the onsite inspection as well. The types of documents that we will request include:
- Existing security policies and procedures
- Property maps
- Security master plans
- Security officer training records
- Security staffing schedule
- Compliance reports
- Security department business plan (as applicable)
- Various types of other forms or reports.
We use this information confidentially, and upon request we will return all documents upon conclusion. If there is something on the list that your organization does not have that is not a problem.
- Prior to the site visit we will work with you to identify those people within your organization that we would like to interview as part of this assessment. This often will include administration, department heads, security officers, management and staff from security sensitive areas. Meetings with these people will often take between 30-45 minutes in duration, and in some cases they will be group meetings.
- On Day 1 we will commence the project by having an extensive interview with the staff member that is responsible for the security department/services. In most cases this will be the Manager or Director of Security. This meeting is comprehensive and can last 1-3 hours depending on the Project’s Scope. Throughout the remainder of Day 1 we will conduct the other interviews and take a quick tour of the campus if time allows.
- Day 2 will often include follow-up meetings as needed, and this is where we will conduct a full walking tour of all areas except security sensitive departments. We will conduct in depth meetings and tours of any security sensitive departments separately, as they often require extra time.
- In some cases the actual onsite assessment may last as many as 5 days. It really depends on the project’s scope and the size of the facility(s). When a project is more than two days in duration, days 3-5 will be used for site specific tours, assessments, meetings, and other critical functions.
- During evening hours we will be onsite to observe the night operations of the campus, and we will conduct a lighting assessment of the building’s exterior and parking areas.
- On the final day of the onsite project we will conduct an exit interview with key personnel and provide your team with a verbal report of our key findings.
- At the conclusion of the onsite assessment we will depart your site and commence work on the final report of our findings, as well as our recommendations. As part of this phase of the project we will review all of our notes, evaluate staff surveys, review any additional policies and reports provided onsite, and document our findings. The final report often takes 10-15 days to be completed and be shipped. You will know up front what date you can expect your report. In some cases we may request additional documents or other information. However, it will not delay the report in most cases.
- Some clients ask us to provide an additional oral presentation to the organization’s Senior Team or Board of Directors at a later date. If your organization requests that we will either include it in the original project or generate a separate project; it is your call.
- Post assessment Protection Management LLC is available by phone to discuss the findings within this report and attachments at no additional charge to the client.
- We are also prepared to assist our clients under a separate agreement in making positive changes to their security programs as requested. We will work with clients to discuss, plan, and implement changes contained within the final report upon request. These services will be under a separate agreement, and an identified scope will be established with the mutual consent of our client.
- Development of Security Post Orders
- Interim Security Management
- Project Management and/or Oversight
- Request For Information (RFI) Development & Management
- Request For Proposal (RFP) Development & Management
- Request For Qualification (RFQ) Development & Management
- Reviewing Vendor Submittals
- Security Assessments at Satellite Properties
- Security Awareness Training For Staff
- Security Management Review And Selection Process
- Security Management Support And Mentoring
- Security Training
- Security Policy Development
- Security Program Redesign And Implementation
- Threat Assessment Team Design and/or Implementation
- Vendor Selection Management
You will know up front what services we will provide and what the project’s schedule will be. This information will be identified in the formal proposal that we will submit to you, and it will detail the project scope and requirements, deliverables, assumptions, schedule, budget, project management, and numerous other relevant facts.