What really drives the energy, if any, behind a risk assessment? Risk assessments are an important cog in the initial and recurrent security framework of any ad hoc or permanent security detail. For fixed assets, site risk assessments are often conducted throughout many levels depending on who is involved as well as when requested.
As threats change daily, regardless of how minuscule, having immense gaps in risk assessments, which may span for many years on end, can weaken the security framework of not only the fixed asset but also principals, employees, and visitors. Preplanning, drills, and tabletop exercises are all excellent ways to maintain a hardened security program; however though, pragmatically, they often end up as a physical or virtual binder collecting dust until a serious incident or crises upsets the culture of operations.
Furthermore, many site risk assessments and security training are conducted reactively rather than proactively. Risk assessments and training of security personnel cannot be conducted in an hour, they take time and effort to properly diagnose the security health of a fixed asset and security team. Couple this with ever changing risks, both natural and manmade, a typical risk assessment usually takes a week or two depending on the assessors, assignment, and/or assets, not including the final report; training comes in the form of initial stages and recurrent – i.e. quarterly, yearly.
However, risk assessments and training do not need to be initiated from upper management, it must flow through each phase of management starting with the front line. Regardless of if you are a Chief Security Officer (CSO), Security Manager, or Close Protection Team Leader, risk assessments are an imperative force-multiplier for security practitioners.
Some risk assessments and training are often either rushed or haphazardly conducted to pacify a deadline or order. Principals, fixed assets, and non-tangible assets – i.e. – cyber, brand reputation, might be close in framework; however no two are alike. The cookie cutter mentality is no longer prevalent because threats and aggressors are quick learners, and worst of all, can adapt.
Nobody wants their workload to increase; however, the more risk assessments and training are delayed the more likely it is to be shelved and forgotten. Moreover, what does one think a workload will look like if a serious incident or crisis could have been avoided by a proper risk assessment or training?
And often, it is not only limited to doors, gates, and turnstiles, but also security personnel. Reactivity is an issue; however, one of the most important variables in any security operation is the training and re-training of the security personnel. Just as a proper risk assessment does not occur overnight, nor does the full training – or at least setting up recurrent training schedules, for security personnel.
Compliance is universal in the private and public sectors; but is that compliance truly proactive? Regardless of if a security professional is entry level or C-Suite, Security Officer or Security Director, there are initial trainings and compliance that must be addressed and adhered to; however, it cannot stop there. Whether in executive protection or building security services, three variables should be considered:
- How well is my protective assets, principal, building, brand, currently protected?
- What is the number one fear the client or organization has? Enterprise Security Risk Management (ESRM), is very effective in this aspect.
- How well are my personnel trained and how to motivate through recurrent training.
Time is a luxury that many take for granted. Down-time in the security field depends on assignment and position held. Proactively utilizing downtime to the practitioner’s advantage, by formulating a plan your approach method.
The purpose is not to say how to do a proper risk assessment or how to properly train security personnel, but the importance of time management and coming at your risk assessment and training operations in a proactive and strategic approach.