Friday, June 15, 2012

Process for Conducting Security Assessments

I don’t believe in using anyone else’s form or template for conducting security assessments – each consultant or manager who conducts such assessments has a unique style coupled with his own knowledge and experience; so, as with many things related to security, a “one-size-fits-all” approach usually doesn’t work. But other groups (such as ASIS International and the Federal protective Service) do have some great ideas, so I have incorporated some of those ideas into the forms and procedures that I personally developed for my own use.

In general, I use several background/ “inventory” forms to generate basic information about the grounds/campus, physical facilities, administrative/operational business components, and policies/procedures of the organization for which I am doing the assessment. I have these filled out to the extent possible by organizational representatives prior to my physical inspections/interviews. I then personally conduct a site inspection (to verify all information developed via the background/ “inventory” forms and to assure that nothing important was overlooked), conduct personal and focus group interviews, and review all relevant policies/procedures for adequacy and sufficiency. Finally, I compile all information along with my analyses and recommendations into a narrative report which is the final work product.

During my career this process, along with my experience in serving as a Court-recognized Expert Witness, has confirmed by belief that every place has to be assessed and analyzed separately and independently to fulfill the legal standard for adequate and sufficient security – namely, reasonable security at a particular place and time, under a particular set of circumstances, based on reasonable foreseeability; and thus my process which combines self-developed tools for gathering information along with objective analysis according to the needs and culture of each particular project assures that my assessments are personalized for each client.

I have been using this process for the past 25+ years, and it has served me well.