Confidentiality is a Priority in Terms of Physical Security Risk
A very important aspect of our business as Physical Security Risk Assessors is the value and the guarantee of confidentiality. Particularly regarding our clients. The data that we gather is high risk as it reveals all weaknesses and vulnerabilities within their physical security. Furthermore this includes the solutions subsequently provided within the final Physical Security Risk & Threat Assessment report and the tailored Security Plan. In the wrong hands, such information could be used for malicious intent and the meticulous planning of a crime. This could have very dire consequences indeed. It is therefore necessary that all the companies, entities and individuals that we deal with remain anonymous. Their physical security status must remain secret and safe under all circumstances. Although we may very much like to share with the world the exact names of major corporations and even celebrities whom have used our services, particularly to prospective clients and for marketing purposes, this is in absolutely no way possible. We need to adhere to the strictest terms of confidentiality at all times. Risk and confidentiality need to always be hand in hand.
CONFIDENTIALITY HAS NO SELL BY DATE
Recently we have published several advertisements to seek new Physical Security Risk Advisors to be trained. Due to the high unemployment rate, the response and amount of CV’s received in application for the advertised position has been somewhat overwhelming. It was with further distress that we have noted that some of the applicants have actually included previous Physical Security Risk Assessment reports or similar types of documentation of work they have done in the past to highlight their abilities. Confidentiality was not considered. Although such reports are by no means as extensive and in-depth as the ones we provide as Independent Security Risk Consultants, there is enough information in there that outlines the risk of the involved entities and properties as determined through various findings. Irrelevant of whether or not you are still under the employ of a security company, or even if you handle such matters and business dealings on your own or privately, the promise of confidentiality to the client must always remain. Nondisclosure agreements do not have a sell by date and should continue to be fully adhered to despite any other circumstances that could occur in the future.
NONDISCLOSURE AGREEMENTS NEED TO BE IN PLACE
Therefore when a nondisclosure agreement is signed, all parties that have placed their signature on this extremely important document need to have the understanding that there is just simply no telling, no sharing and definitely no boasting. This is a strict and legally binding contract to all involved. Companies or individuals that are about to have a Physical Security Risk Assessment conducted on their respective sites must ensure that this vital aspect is covered. A good, loyal, professional and honest Physical Security Risk Assessor will insist upon this.
Often we may have to consultant with a 3rd party or an expert when determining the best solutions for our clients, and these individuals or groups are also then required to sign nondisclosure agreements as details need to be provided for advisory purposes. Although a large responsibility of maintaining such confidentiality lies in the hands of the Independent Security Risk Consultant and any security companies that have sold hardware and equipment, or who have installed security systems, the client also has to realise that he / she cannot divulge such information either. With extremely limited information, a few key words and the useful tool of Google, we have uncovered full Threat Assessments available online published by corporations themselves. Some of these have summarised all the solutions and particular key elements such as power and communication cabling layouts in high detail. One particular case involved diagrams indicating exactly where these cables were located underground. Another clearly states which of the security solutions within the Security Plan have already been implemented and which vulnerabilities still needed to be addressed. With this type of information so freely and easily available, a savvy criminal could plan his attack perfectly and bypass all defence or protective measures that may be in place. Nowadays criminal groups have become highly organised, and plan their attacks extensively and precisely, before they hit. They have more information about their targets’ security systems and physical security risk than their victims actually do.
By Andre Mundell
Written by Andre Mundell