There are many components to the security of any organization: policies, procedures, barriers, technology, and response. There are diverse risks: insiders, outsiders, well-meaning employees who don’t know what they’re doing, thieves, extremists, etc. There are many things to protect: employees, visitors, equipment, capability, reputation, the environment, information, information technology, operational technology.
In my experience, most organizations have mechanisms in place to manage most of the risks they face. The problem lies in the gaps: have you considered everything? Are you managing your risks adequately? Are you prepared for new risks? How will you know what you must protect?
The safety world manages a similar problem through safety management programs, and for this reason most companies have them. When I joined Atwood Oceanics in 2002 as a safety and security supervisor I learned about safety management programs, and that safety and security were basically the same thing – the prevention of unwanted incidents.
I have approached security from the program perspective ever since.
At its core, an SMP uses threat and risk assessment to:
Our SMP model will help you to:
If you would like to know more, please contact us and we can discuss how a security management program can help you to manage your risks more effectively.
