Wednesday, May 11, 2011

Five Reasons Every Business Should Audit Their Security Once a Year.

Determining the appropriate level of ongoing security for your specific business can be difficult. Proactively combating the rapidly changing risk landscape merits a periodic, if not real-time analysis of the best use of security systems, risk mitigation strategies and services. Many business owners struggle to find time to schedule meetings with their security professional, while others only thoroughly audit their security programs before the initial installation of a security system or if there has been a breach. However, making the time to conduct a periodic review of all security programs, plans and protocols can help you identify the areas of your business that could benefit from increased security and may even help you decrease your exposure to risks. There are many factors that can affect the overall effectiveness of a security solution. That’s why it is suggested that growing companies perform a comprehensive review of their security programs at least once a year. According to The Integrated Physical Security Handbook, “During the risk and threat assessment phases of developing an IPS (Integrated Physical Security) plan, you frequently discover areas of vulnerability that can be remedied and practices that can be improved. This can lead to improved productivity and efficiency and has an ongoing impact on your bottom line.”
1. Evolving Business Environments:
When most companies grow, they experience an influx of property, assets and personnel. These expansions can directly affect the level of physical security needed to help protect assets, employees, visitors and customers. Annual audits performed by qualified security professionals are generally sufficient, unless a significant change is planned or made that could affect liability, risk exposure, physical security or safety.

Whether you are re-evaluating risk levels after a security related event, establishing new business locations or making any major (non-cosmetic) renovations to an existing facility, it is recommended that you call your security professional to determine if any changes to your security system are advisable. Contacting them as soon as possible can help you address any security short falls or needed modifications to your security program.
Benefits of assessing security systems when changes are made to the business environment include:
  • Maintaining a seamless security presence when changing physical locations.
  • Protecting high-value items when modifying product mix and adding new partners or vendors.
  • Being aware that even slight changes to your customer experience can affect your overall security needs.
  • Keeping current on technology innovations, such as video monitoring solutions, and emerging technologies that can help you maintain control over your most valuable assets.
  • Controlling access to sensitive areas, computer servers, data and equipment in order to help comply with data and physical security aspects of governmental regulations such as Sarbanes Oxley (SOX) and Health Insurance Portability and Accountability Act (HIPAA).
2. Updated Recommendations for Emergency Planning:
Potential emergencies and threats facing businesses change every year and can increase in frequency and severity. According to the Department of Homeland Security, the number of declared major disasters nearly doubled in the 1990s compared to the previous decade.2

To help protect lives, assets and business continuity, proactive planning of emergency procedures is of the highest importance. In fact, in the financial services industry, BCRP (Business Continuity Recovery Planning) is a regulatory requirement. Threats can come from a variety of sources and can also be industry-specific. An experienced security professional typically has the knowledge and resources to aid businesses in selecting security solutions that support emergency planning programs.

All companies should, at the very least, have a written emergency plan to address emergency situations including those caused by weather, acts of God, terrorism, power outages, pandemics and manmade disasters. The two main goals of these plans are typically focused on readiness and recovery. Determining your readiness and establishing the important components of a recovery plan should be an integral part of a security assessment.

The Department of Homeland Security also recommends that fire safety be a major priority within all emergency plans. Proper planning for fire emergencies may save lives, prevent severe property destruction and enable businesses to recover more quickly.

Fire and life safety planning begins with a thorough inspection of your facilities by a professional specifically trained in fire safety and prevention. This professional can provide valuable assistance in helping you identify potential risks and select the best options for your business type, location, local regulations and square footage.

Some fires can be avoided or their impact lessened by installation of prevention and mitigation systems. Other fire solutions may include detection and containment components required for your type of business and type of premises. These components may include: fire doors, hoses, fire extinguishers, sirens, monitors, sprinklers and smoke alarms, critical system monitoring and emergency alert systems.

A comprehensive security plan may help:
  • Identify risks, vulnerabilities and gaps in the current emergency plan and procedures.
  • Facilitate compliance with regulatory fire codes and requirements — through installation, maintenance and updates for appropriate fire and life safety equipment and systems.
  • Develop an inspection schedule for fire equipment to help identify equipment gaps and evaluate updates.
  • Provide insight into new technologies such as emergency notification alert systems — to aid in warning and protecting employees.
  • Enhance a company’s ability to recover from a disaster by helping minimize financial losses due to criminal activity and potential damage to critical equipment and infrastructure.
  • Limit potential exposure to civil/criminal liability.
  • Enhance a company’s image and credibility with employees, customers, suppliers and the community.
  • Reduce insurance premiums by demonstrating company emergency and disaster readiness.
  • Assess regional risk levels and identify peer company’s strategies, enabling a balanced approach to risk management.
3. Trends in Workplace Violence:
Despite efforts to reduce it, workplace violence is a growing threat and an important security risk for businesses to consider.

In fact, a recent survey by the U.S. Bureau of Labor Statistics found that, “Of those establishments reporting an incident of workplace violence in the previous 12 months, 21 percent reported that the incident affected the fear level of their employees and 21 percent indicated that the incident affected their employees’ morale.”

Because workplace violence can strike any business, anywhere, at any time, business owners and managers must now consider the residual effects an incident can have on their business. According to Preventing Violence in the Workplace, “Losses in productivity occur throughout the enterprise with decreases of up to 80 percent for up to two weeks immediately after the incident.”

An up-to-date workplace violence plan should, as a priority, communicate a zero tolerance policy from management and include guidance on assessing physical security, emergency preparedness training programs, and policies and procedures for dealing with potential threats and situations.

A comprehensive security plan may help:
  • Potential risks and vulnerabilities and other areas of concerns and opportunity.
  • Whether or not an unauthorized person could be prevented from entering the workplace or particular work areas.
  • How controlling access to sensitive areas can help protect valuable assets and intellectual property.
  • Ways to help reduce liability by using surveillance of public areas.
  • How technologies such as video surveillance and video auditing can help identify risky behavior patterns before they escalate into events.
4. New Governmental Codes and Regulations:
Keeping up with changes in business trends as well as federal, state and local governmental regulatory compliance thresholds can feel overwhelming to many business owners. A trained security professional can help your compliance team identify and develop security solutions to help you create a responsive security compliance plan.

An annual security review can help you identify areas within your compliance program that may benefit from enhancements to your existing security plan, such as:
  • Products and services that can help limit physical access to critical areas such as employee and customer data centers, record storage rooms and company accounting areas. This can help address financial regulations such as SOX and other governmental regulations.
  • Video surveillance and monitoring systems that can help you audit incoming shipments, monitor storage areas, waste removal and areas where hazardous materials are used or stored. These systems may be helpful in keeping current with certain regulations from OSHA and DHS.
  • Access control systems that can help reduce the potential for security breaches by controlling access to record storage areas. Video recording systems can also aid in documenting employee compliance to policies, procedures and governmental regulations such as HIPPA and privacy laws.
  • Video recordings of actual events can serve to educate employees about risky work behaviors and can also be instrumental in showing what actually occurred. Such recordings may also help with workers’ compensation claims and OSHA safety regulations.
5. Improvements in Security Technologies:
One of the most significant security trends to emerge over the past five years has been the convergence of IT and physical security solutions, which has helped fuel further development of web-based applications. There are now more tools available than ever before to help business people manage their security programs.

At the same rate that Internet technologies, digital technologies and “smart applications” are being developed, so are their security counterparts. These smarter systems are helping to provide better, more comprehensive security solutions while giving more freedom and flexibility to the users. Security professionals are trained every year on new and emerging applications and technologies and how they can be used to help businesses succeed.

The benefits of these technologies that may come to light during discussions and the walk-through components of an annual security audit may include:
  • Identifying areas where intrusion detection, video surveillance and access control systems can interface with each other.
  • The ability to provide audit trails, exception reports and off-site monitoring of critical areas, which are now much easier to accomplish because they are database-driven and network-delivered.
  • The use of video, access, intrusion detection and GPS monitoring security solutions to help reduce risks associated with having an ever-increasing amount of company data being stored on desktop and laptop computers.
  • Areas where video monitoring could be used as a tool to help improve employee productivity and customer service as well as documenting compliance with company policies and procedures. Cameras could monitor and record activity in areas such as break rooms, docks and warehouses, vendor areas, secured areas and cash registers.
  • More efficient use of time, money and space provided through the use of digital video recorders (DVR), that typically allow for easy retrieval of event-based data. The data recorded by DVRs can be very helpful when it is important to be able to quickly send photos and other pertinent data to local public safety organizations, such as the police and fire department.
  • Effective use of access control systems and efficiencies possible with database-driven systems that can accommodate personnel changes and other challenges (such as time clock auditing and movement throughout a facility or near secured areas).
About Synergistics Premier BankingSynergistics Premier Banking, since 1960, is an innovator in providing complete access control systems through the use of advanced cardholder technology.  Synergistics Premier Banking created the first ATM access control system. Servicing industries and organizations requiring varying levels of restricted entry for the past 50 years, Synergistics Premier Banking is large enough to meet all of your banking access control needs, but small enough to offer customized solutions and service. 

No comments:

Post a Comment