INCORRECT PROCESS OF PHYSICAL SECURITY RISK ANALYSIS
Adaptation for Security Risk Analysis & Assessment
Health & Safety in South Africa does, unfortunately, affect security negatively and one of the reasons for this is that the Security Manager often fulfills the dual role of the Health & Safety Officer. There are even instances where one individual will fill, not only those two important positions but, additionally, also that of the Building Manager and the Emergency Planning Coordinator. Due to the fact that Health & Safety is furthermore governed by law whereas security is not, this has resulted in the latter being wrongfully neglected. Many assessors make use of the grading system that has been directly adapted from Health & Safety protocol when attempting to a physical security risk analysis. Unfortunately this approach to the Security Risk Assessment is not very accurate, objective or successful. Although there are those that strongly oppose our viewpoint, through experience we have been able to determine that this is indeed the case. Health & Safety deals with probability but the independent Security Risk Consultant evaluates the opportunity created within the security system for a crime to be committed. To the independent assessor, a risk remains a risk and therefore it cannot be graded and this is what the security risk analysis should be based on.
Approaching the Physical Security Risk Analysis by Grading is inaccurate
Time and time again we have been called in to reassess the risk and security of a company, or a home, that has had their properties evaluated in this manner and who have then become a target of criminal attack thereafter. Furthermore an overwhelming amount of these incidents occurred at a point that was initially rated as a 1 on the scale in this type of security risk analysis. This indicates that that specific area or point was regarded as having little to no risk. The low scoring meant that these points in the security system were not given further attention and no upgrades or additional preventive measures were put into place as it was deemed unnecessary. These areas were not even included or addressed in the Security Plan as it was felt there was no need.
CASE STUDY
A particular incident involved a popular and busy restaurant that had had a security risk analysis conducted in this manner. A back door, that led into an enclosed alley where all the refuse and soiled foods were left until the municipality could remove it on a weekly basis, was rated as a ‘1’ in the initial Security Risk Assessment and this area was generally avoided by everyone due to the smells emanating from the alley. The Security Plan for the restaurant did not include any security upgrades regarding this particular door or the alley and a few months later this exact door was used by a criminal as an entry point when he attacked.
NOT JUST HARDWARE
The thief had waited in this alley for several hours before entering so that he could catch the management unawareness and at their most vulnerable as the majority of the staff had already left for home. Further observation over several days had allowed the criminal to determine when the most cash would be onsite and what the best time would be to commit the crime for optimal personal gain. The original security risk analysis covered only the hardware and structure of the building and had not considered the human element. Due to management’s unintended negligence and that they had no Security Awareness at all, they were hit very hard by this incident and all the weekly takings, as well as the staff wages which was to be paid over the very next day, were stolen. Realizing that the initial security risk analysis had proved to be incorrect and afraid of future attack, the restaurant called for an independent assessment to ensure that their properties could be appraised and effectively secured.
By Andre Mundell
Written by Andre Mundell