Confidentiality is a Priority in Terms of Physical Security Risk
A very important aspect of our business as Physical Security Risk Assessors is the value and the guarantee of confidentiality. Particularly regarding our clients. The data that we gather is high risk as it reveals all weaknesses and vulnerabilities within their physical security.
Furthermore this includes the solutions subsequently provided within the final Physical Security Risk & Threat Assessment report and the tailored Security Plan.
In the wrong hands, individuals could use such information for malicious intent and meticulously plan a crime. This could have very dire consequences indeed.
It is therefore necessary that all the companies, entities and individuals that we deal with remain anonymous. Their physical security status must remain secret and safe under all circumstances. Although we may very much like to share with the world the exact names of major corporations and even celebrities whom have used our services, particularly to prospective clients and for marketing purposes, this is in absolutely no way possible. We need to adhere to the strictest terms of confidentiality at all times. Risk and confidentiality need to always be hand in hand.
CONFIDENTIALITY HAS NO SELL BY DATE
Recently we have published several advertisements to seek new Physical Security Risk Advisors to be trained. Due to the high unemployment rate, the response and amount of CV’s received in application for the advertised position has been somewhat overwhelming. It was with further distress that we have noted that some of the applicants have actually included previous Physical Security Risk Assessment reports or similar types of documentation of work they have done in the past to highlight their abilities. Confidentiality was not considered.
Enough information
Although such reports are by no means as extensive and in-depth as the ones we provide as Independent Security Risk Consultants, there is enough information in there that outlines the risk of the involved entities and properties as determined through various findings. Irrelevant of whether or not you are still under the employ of a security company, or even if you handle such matters and business dealings on your own or privately, the promise of confidentiality to the client must always remain. Nondisclosure agreements do not have a sell by date and should continue to be fully adhered to despite any other circumstances that could occur in the future.
NONDISCLOSURE AGREEMENTS NEED TO BE IN PLACE
Therefore, when signing a nondisclosure agreement, all parties must understand that there is absolutely no telling, sharing, or boasting permitted. This is a strict and legally binding contract to all involved.
Companies or individuals that are about to have a Physical Security Risk Assessment conducted on their respective sites must ensure that this vital aspect is covered. A good, loyal, professional and honest Physical Security Risk Assessor will insist upon this.
Often, we may need to consult with a third party or an expert when determining the best solutions for our clients. These individuals or groups are also required to sign nondisclosure agreements as details must be provided for advisory purposes.
Although a large responsibility of maintaining such confidentiality lies in the hands of the Independent Security Risk Consultant and any security companies that have sold hardware and equipment, or who have installed security systems, the client also has to realize that he / she cannot divulge such information either.
Limited information
With minimal information and a few key words using Google, we’ve found complete Threat Assessments online, published by corporations. Some of these summaries include detailed information on solutions and key elements like power and communication cabling layouts.
One particular case involved diagrams indicating exactly where these cables were located underground. Another clearly states which of the security solutions within the Security Plan have already been implemented and which vulnerabilities still needed to be addressed. With this type of information so freely and easily available, a savvy criminal could plan his attack perfectly and bypass all defense or protective measures that may be in place. Nowadays criminal groups have become highly organized, and plan their attacks extensively and precisely, before they hit.
They have more information about their targets’ security systems and physical security risk than their victims actually do.
By Andre Mundell