Is your physical security plan undermining your enterprise security risk management (ESRM) approach?

Stepping up to face today’s challenges

Today’s risk landscape is replete with multiple, fast-moving threats ranging from cybercrime to terrorism, natural disasters and beyond. As interconnected technology and instantaneous communication become ubiquitous and play a greater role in companies large and small, organizational problems can escalate into reputational catastrophes in record time.

Breaking down organizational silos

Having a physical security strategy is a core part of breaking down the silos that can exist within organizations and encumber their response to risk. Given the interconnected nature of the modern risk landscape, companies have recognized that the appropriate risk management response must also be joined up. This is evidenced in best-practice business continuity planning that takes a holistic view of the nature of threats and develops a coordinated response plan involving all the necessary stakeholders, including physical security. In this way, organizations can break down the silos between, say, physical security, IT security, and communications teams, to make sure that their preparedness isn’t undermined by tunnel vision or miscommunication.

Why your physical security plan is business critical


At the core of business continuity is a new approach to security known as ESRM, championed by the industry’s professional organization, ASIS International. The approach is to focus on security from a holistic standpoint, taking into account the day-to-day reality of an organization and assessing the required security measures in this context. The aim is to counteract the threat of commoditization within security services, which views security primarily through the lens of cost rather than recognizing the wider value added by security in terms of supporting productivity and preserving reputation.

Given the strategic nature of the ESRM approach, it cannot be achieved without robust security planning. Having an auditable, defendable plan will allow you to champion the ESRM approach in your organization and also make sure you are adequately supporting your organization’s business continuity.

How to approach your physical security strategy

The first step to any plan is understanding the ‘as-is’ context in which you operate. This will allow you to tailor your physical security risk response to the facts on the ground and deploy your resources accordingly. One approach to building this picture of your security environment is to carry out an audit. A thorough audit paints a detailed portrait of the security risks present and of an organization’s vulnerabilities and strengths across a range of topics, including:

  • Facilities – do an organization’s facilities present particular weaknesses?
  • Profile – is an organization likely to face any specific strategic threats due to its reputation or sector of activity?
  • Hardware – is adequate hardware such as CCTV or turnstiles present?
  • Staffing – are the right people with the right skills in place to manage security?
  • Technology – are the right systems being used to manage security and gather data?
  • Planning – is the existing plan fit for purpose and aligned with the business continuity plan?
  • Compliance – is physical security compliant with relevant regulations?

Once you understand where you stand, you have a clearer view of the work that needs to be done to correct any deficiencies, and you can begin your plan to address each facet of your physical security operations.

Taking your planning to the next level

As we’ve explored previously with budgeting, data is key to aligning physical security teams with the wider organization’s priorities. The same principle applies to planning, as planning and budgeting are closely linked. If you want to create a physical security plan that is accepted by your stakeholders, and also one you can be confident will support the wider business continuity planning, then you need data. This is especially true if your planning calls for additional investment in any of the areas identified in the physical security audit.

A security workforce management platform that connects your frontline and back-office functions can help you gather the data you need on your current security operations, and also help you build the case for expanding investment in physical security. Real-time and historical data can help demonstrate how physical security supports your organization’s wider objectives and further supports the shift away from commoditization towards a more ESRM-focused approach.

Planning for tomorrow

By making sure you create a robust physical security plan, you can take a proactive approach and demonstrate value. Being able to back up your arguments with hard facts drawn from your security workforce management platform will also help position you as a true partner to the rest of the business and help you better deliver on your mandate of creating a safe and secure environment for your organization.