Introduction
Independent security risk assessment—security companies are everywhere. They install cameras, hire guards, set up alarm systems, and promise peace of mind. But here’s the uncomfortable truth: most of them don’t actually assess security risks; they manage them. And managing risk without first understanding it? That’s like prescribing medicine without diagnosing the illness. At Alwinco, we don’t sell security services. We don’t install equipment. We don’t manage security teams. We do one thing, and we do it better than anyone else: we conduct independent security risk assessments. Yet, time and time again, we’re mistakenly categorized as just another security company. This misunderstanding isn’t just frustrating; it’s dangerous. Because when businesses approach security the wrong way, they expose themselves to risks they never even considered. In this post, we aim to clarify misconceptions, highlight the industry’s shortcomings, and demonstrate the importance of independence as the foundation of true security.
Let’s dive in.
To clarify a common misunderstanding, Alwinco is an independent security risk assessment consultancy operating throughout South Africa. We have been a virtual company for over 20 years, but our virtual operations became more robust, structured, and secure after COVID-19. Our approach incorporates expertise from various fields related to security risk assessment. However, many people mistakenly view us as a security company. Alwinco is not a security company. We are not a risk management company. We specialize solely in independent security risk assessments. We are not risk managers or security managers; we are security risk assessors. In the field of security risk assessment, the fundamental principle is that you must first identify the risk before you can manage it, understand it, or effectively address it.
Risk management companies, security managers, and security companies are not in a position to conduct actual risk assessments.
They are inherently tied to their own services, client relationships, and management portfolios, making it impossible for them to remain unbiased. This is where the real challenge lies; independence is the key to a proper risk assessment. Despite this, every time we participate in RFQs for large corporate companies, we are incorrectly categorized as a security company. This misconception undermines the true value of independent risk assessment.
We are not a security company, far from it.
We don’t have security guards, armed response teams, a control room, or alarm systems. We do not provide security services. As independent security risk assessors, our approach to security risk assessment involves working with a variety of different experts, each specializing in specific fields. However, we do not employ them full-time, as their expertise is only needed in certain situations. If we had to employ all the specialists we consult, our team would exceed 500 people, an unnecessary and impractical structure for true independent risk assessment.
For example,
An expert in home security is not the same as an expert in corporate security, just as those specializing in warehouses, hospitals, or airports have entirely different skill sets. Each environment presents unique risks, and high-value clients bring yet another layer of complexity. We work with a range of specialists, each with expertise in their respective fields. However, due to the confidential nature of our work and strict confidentiality agreements, not everyone interacts directly with clients. The client sees only one face: mine.
The rest doesn’t matter because, in the past,
We’ve seen how easily confidentiality can be compromised. A simple encounter, such as a client recognizing an undercover person in a coffee shop and greeting them, can become disastrous if that person is unknowingly working with a criminal. Situations like these have led to serious consequences. That’s why everything flows through me. All information, communication, and findings come from me, and I personally present them to the client. This ensures the highest level of confidentiality and security, protecting both the client and the integrity of the risk assessment process.
Now, coming back to the security company misconception,
Because we are PSIRA registered and operate in the security risk assessment field, people automatically try to categorize us as a security company. When responding to RFQs from government, semi-government, and corporate entities, we constantly face the same problem: the RFQs are designed for security companies, not for independent security risk assessment companies. They are structured around procuring security products and services, not for investigative processes or the flow of a proper security risk assessment.
That is where the fundamental difference lies and where people make the biggest mistake.
Many read our assessments through the eyes of a security manager or risk manager, assuming we manage risk, but that is not our role. We identify security risks, provide risk-specific solutions (often more than one), and outline a clear path to mitigating them.
To do this effectively, we must remain completely unbiased.
We are not part of the security structure; we are the referees, not the players. We assess security and risk from an entirely different perspective. Security companies, managers, and even clients assess risk based on their own roles and experiences. We, however, view it from the criminal’s perspective, understanding how they think, operate, and exploit weaknesses.
In a way, you could say that criminals themselves are our greatest teachers.
They are always a step ahead, forcing us to adapt and refine our methods. Their evolving tactics continuously shape the way we conduct risk assessments. Risk assessment today is not what it was five years ago. Advancements in technology, new security risks, and emerging threats require constant adaptation. For example, equipment and tools available today didn’t exist five years ago, and we must analyze their impact on security. We are also the only company that has extensively studied the influence of AI on security, evidence, and legal proceedings. Since no one else has done this before, our approach is not only independent but also innovative.
The reason for this is simple:
We are security risk assessors. We identify risks, assess them, and provide solutions. Unlike service-driven companies that need to install equipment, secure contracts, or sell security solutions, we focus solely on assessment. Service providers face a conflict of interest because they both assess and implement security measures. We do not. Our role is purely to assess. We don’t install security systems. We don’t provide guards. We don’t have a response unit or patrol vehicles. Yet, people often ask us about guarding services or response teams because they assume we operate like a security company.
But we are completely different, unlike any other. This is also why we are the only truly independent security risk consultants.
Article written by Andre Mundell. # Independent security risk assessment
If you would like to learn more about our services or need additional information on security risk assessments, please send us an email or visit our website, Security Meetings, and subscribe to our newsletter.
We do security risk assessments for customers in Arcadia, Bloemfontein, Bluff, Pretoria, Observatory, and Gauteng, like Braamfontein, Jhb CBD, Kempton Park, etc. These assessments apply to homes, businesses, industrial estates, farms, and other types of property.