Security Assessment Service

It is highly recommended clients use our security penetration testing service in conjunction with our security assessment service.

Security Assessment Service

Security Assessments are an excellent way to evaluate your existing security program and a great first step to take prior to making security improvements at your facility or when trying to solve a specific security problem.

During a Security Assessment, all aspects of your security program are examined, any weaknesses are identified, and suggestions for security improvements are made. In addition, opportunities where costs can be reduced or where security operations can be made more efficient are identified.

This assessment process is constantly evolving, allowing us to take advantage of lessons learned from previous assessments, and to keep up with the latest security best practices.

The Security Assessment uses a structured, formal analysis process that allows us to develop a deep understanding of your business, operating conditions, corporate culture, and unique security risks and threats.

While client involvement is crucial to success, our consultants facilitate the assessment every step of the way, keeping the project on track, and making sure that all important elements are examined.

Custom Assessment For Every Client

The Security Assessment is custom for each project, but typically includes the following tasks:

Risk identification and analysis

Threat and vulnerability assessment

Review of site and facility security

Analysis of crime data including loss history, police calls for service, crime statistics, and crime forecast reports.

Review of degree of compliance with recognized CPTED (Crime Prevention Through Environmental Design) principals

Review of degree of compliance with security requirements that are specific to your industry. These may include C-TPAT (Customs-Trade Partnership Against Terrorism), FISMA (Federal Information Security Management Act), HIPAA (Health Insurance Portability and Accountability Act), PCI (Payment Card Industry), Joint Commission, and security requirements imposed by regulatory agencies.

Review of facility operating procedures

Review of physical security systems

Review of electronic security systems

Review of architectural security

Review of security policies and procedures

Review of security management

Review of security personnel

Evaluation of present security program and identification of any weaknesses and vulnerabilities

Development of recommendations for security improvements

Identification of short-term and long-term costs

Prioritization of recommendations and development of implementation plan

Preparation of written Security Assessment Report

The Security Assessment Process

So, what can you expect when we conduct a Security Assessment at your facility?

The following is a brief outline of the typical assessment process:

Prior to coming to your site, we will request a number of documents for our use during the assessment. These typically include plans of the site and buildings, copies of any existing security policies and procedures, samples of various types of forms, company telephone directory, employee handbook, and other similar items. We only want what you already have; if there is something on our request list that is not available, it is not a problem.

We will work with you to identify the people within your organization that we would like to interview. The goal is to get a good cross-representation of all of the major operating and support departments within your organization. Typically, this would include members of senior management (CEO, CFO, CIO, etc.) , department heads, and people who occupy roles which are directly related to security, such as building receptionist’s, security officers, and shipping/receiving personnel. The typical interview session lasts between 30 and 45 minutes.

When we first arrive on site, we will start by conducting an in-depth interview with the person who presently serves as “security manager” for the facility. This may be an actual security manager, or may be the facilities manager or other person who manages the security function for the organization. This interview session covers a lot of details, and typically takes 2 to 3 hours. After this interview, we ask this person to give us a brief guided tour of the facility.

We then begin conducting individual interview sessions with each of the employees identified in above. Depending on the size of the organization, this process could take one, two, or more days.

At the conclusion of the interviews, we will conduct detailed inspections of certain areas of the facility and site. We may also spend extended periods of time observing certain areas of your facility, such as the building lobby or shipping/receiving loading docks.

We will return at night with our light meter to take lighting measurements in your parking lots and other areas of the site. We will also take advantage of this opportunity to observe how your facility operates at night, and to get a general feel for the neighborhood during the hours of darkness.

At the conclusion of our visit to your site, we will meet with you to give you an update on our progress and to discuss the next steps in the process. At this point it may be possible to offer some preliminary findings and recommendations, but in most cases, we will need time to process and analyze the data gathered before we can give you any meaningful guidance.

We then return to our offices and begin our formal Security Assessment process. During this process, we identify your critical assets, analyze potential threats, review loss history, study crime forecasts for your site, evaluate existing security measures, and identify potential weaknesses and areas for improvements. At the conclusion of this process, we begin to write the Security Assessment Report. It normally takes between two and three weeks from the time we complete our site visit to the time when we complete our draft report.

While we are preparing the report, we often uncover things that require further investigation and study. In some cases, this may require that we return to the site to conduct additional interviews or to examine certain things more closely. We may also request certain additional documents or other information that is available from within your organization.

When the draft Security Assessment Report is completed, we will send it to you for review. After you have had an opportunity to digest the document, we will meet with you in person or via teleconference to review the report in detail and respond to any of your questions or comments.

After we have obtained your input, we will prepare a final Security Assessment Report that incorporates your comments. If desired, we can make a formal presentation of the Security Assessment Report to your senior management team or others.

At the conclusion of the assessment process, we remain available to assist you with implementation of the recommendations contained within our report. This can include identifying vendors and sources of products and services, reviewing bid proposals, developing security policies and procedures, providing training, and assisting in other ways.