Security Assessments-Like Vacations, Take Planning
Security Assessments–like vacations, take planning.
Well it’s 2018 and I just returned from a vacation in the Bahamas. Much like life, there were rainbows, rough waters, and guiding markers leading to wonderful vistas. When we were planning our journey, we were looking to go somewhere we had never been before or to explore deeper into areas we had visited prior to. We are already looking into travels for 2018. Are you on a journey and starting your planning for a destination you have never been or a familiar place?
This blog is not about vacations, but about the planning of your security strategies for 2018. Just like the journey noted above, there are items we can plan for. Some events will require responses, we just hope to have good information or guide markers that lead us to where we want to be at the end of that journey.
Enterprise Security Risk Management (ESRM) is a similar process to planning a vacation. You develop a vision of what your vacation (security) destination looks like for your area of responsibility/business/company. You look at the objectives of the business and align your plans to enhance the bottom line or, as with a vacation, a good return on your investment of time and money. Risk management requires some introspection on what risks are acceptable and to what degree they are tolerated. In the case of my vacation, I preferred warm weather instead of going to a colder climate—so, in an attempt to avoid or reduce that risk during December, we traveled to the Bahamas.
Now that we had a destination in mind, the next series for my thought process is:
- “Where am I” in relation to my destination?
- What financial resources do we have?
- How much time do I have?
Much like planning for safety and security, an assessment that is holistic in nature can provide excellent data on where you are in your safety and security program. From the ESRM perspective, a risk to your business may be threats to (not an all-inclusive list):
- Employee(s) and Guests
- Business continuity
- Asset Protection
Having an assessment that provides empirical data, industry best practices, and merges with translational science can assist in determining a best course of action to get from where you are to where you want to be.
Then factoring in how does that look against what is acceptable (tolerance) and what resources will it take to arrive at our envisioned destination? Just like my journey started in the mid-west, I traveled south to Florida. Stayed the night before, transport to a cruise line and set off on a journey with a few destinations. With ESRM you may find that you too have several envisioned destinations that you need to account for. Some maybe new for your business and some maybe familiar. Again, looking through the filter of tolerance, finances and time some destinations may take priority over others.
If you are in the planning stages for 2018 and looking for an outside assessment, to determine where to spend to get the most ROI and move your safety and security journey closer to the envisioned destination there is help. ASIS International has Board-Certified individuals who can help evaluate as well as provide supportive data on “Why” your decisions and planning are the best course of action to implement your ESRM while applying mitigative strategies to avoid, reduce, transfer or assume risks that align with the business’s goals and risk tolerance.
Chuck McCormick has 32+ years in the life-safety and physical security arena ranging from assessments, designing, estimating, implementing, managing projects, program development and program management (for Fortune 50, 100 and 500 companies) to providing consultative engineering and sales support. He is on the Board of Directors as Chair for ASIS International Indianapolis Chapter 045 and the Assistant Coordinator with the Sector Chief program/Indiana InfraGard Member Alliance a member of ASIS International, International Association of Healthcare Security and Safety and the NFPA.
In addition, Chuck is a Board-Certified PSP, and has also obtained his certification with the International Association of Healthcare Security and Safety (IAHSS) as an Advanced Security Officer, CVI number with DHS, a member of InfraGard and trained with the TSA as a First Observer (FO) and a Certified Trainer with the A.L.I.C.E., program. He has held licenses to install and inspect fire alarm systems for the states of Kentucky, Ohio, and West Virginia and was a state certified firefighter for the State of Kentucky.