The need for a security review | QRisk

Security Review – It’s all about people

 

QRisk Security Review

Sadly recent events have prompted organisations to stop and complete a security review of their operations, to understand their gaps. Whilst it’s appropriate for businesses to do so, the focus should always be on safeguarding people at their workplace and beyond.

Robust security is all about systems, process and most importantly people. People are the enablers of the technology, systems and process that builds a culture around safety, security and awareness. It’s all part of building resilience and well being into your organisation.

Conducting internal security reviews helps keep compliance programs up to date, focused and relevant, but more importantly it’s an opportunity in time to shift your culture to one that’s more appropriate. Less about form filling and more about engraining a positive culture around risk and security awareness,  and empowering your people to take ownership and be part of the solution.

The risk of something occurring can be measured by taking a pragmatic approach of likelihood x consequence using your business descriptors. Then look at how to reduce it. There is never no risk – so it’s about moving the likelihood and consequence to a point that is as low as reasonable practicable, and empower your people with knowledge and ownership.

The QRisk approach to a security review is unique and it involves a close collaboration with key stakeholders to truly understand your risk. We listen with intent to understand and can even facilitate one of our popular, co design sessions (with simple brainstorming techniques) to engage with all levels of staff to understand the real concerns of your people and help bring common sense solutions to the surface. The aim is to look at risk from different perspectives to get a greater understanding.

Effective security risk reviews can prevent incidents occurring, reduce the impact of when they do occur, and keep your company’s name from appearing in the media spotlight for all the wrong reasons. More importantly though, the focus for doing the review should be people well being and resilience through a lens of safety and security.

Who Should Do a Security Review

Any organisation that truly cares first about their people safety and their brands reputation. Quite often we find organisations with good knowledge around health and safety but often their is a lack of awareness and ownership of security.

Security is managed by people and supported by systems and process, therefore we will always recommend that any implementation program as a result of a security review is accompanied by a clear change management plan including support tools such as practical critical incident management flip charts and or a lean 5s program to make changes evolutionary rather than revolutionary.

Security Review - What should be looked at

Your security review will be bespoke to your organisation. You will have unique circumstances that present different risk. An initial discussion will identify this at a high level and then you can dig into a bit more detail.

 In summary and as a starter you should look at the following if its relevant for you,

  • Staff training and situational awareness program

  • Procedural compliance

  • Cash handling procedures

  • Critical incident management

  • Culture and responsibility

  • Access Control

  • CCTV and alarms

About QRisk

QRisk are problem solvers, people trainers and organisational fixers. If you have a risk that’s within our expertise to resolve, then we should talk. Part of our expertise is in doing security reviews and site assessments. If you are interested in this then let’s talk