Introduction
A good security program is based on a balance of physical security measures, technical security systems, security personnel, and security practices and operations. Security management as a service involves providing ongoing support and expertise, such as security system oversight, ongoing operational reviews, program reviews, and risk assessments, to help organizations effectively operate and maintain their security programs.
As organizations deal with these challenging economic times, they must find ways to reduce costs and improve efficiency. In the physical security world, this often leads to lowering in-house security management and staff headcount, delaying necessary security system upgrades and maintenance, and settling for what they already have. These economic pressures are leading to less-than-optimal security management and, in some cases, no security management at all.
Security, like every other internal department function within an organization, requires management to address new threats and vulnerabilities and to maintain security measures and systems. This lack of strong security teams and systems emboldens criminals to increase their exploits and unlawful activities. In response, security experts have developed a new consulting service called security management as a service to help these organizations and their in-house security functions address the need to manage security properly while decreasing their exposure to risks.
Common Challenges with Current In-house Security Management
Security Training Deficiency
Security contractors typically offer basic training to program and operate newly installed security systems, leaving owners’ security staff to figure out day-to-day operations for their building. This can lead to underutilized systems and potential security vulnerabilities. Despite the typical one-year warranty on new systems, in-house security personnel inherit these systems, and they must learn to operate them independently, often without adequate training or support. This can leave them struggling to protect their personnel and assets effectively. Having an external security consultant assist the in-house security personnel in navigating this gap and managing their security applications will improve the security program’s overall effectiveness, especially with limited resources.
Security Regulations and Requirements
Tort law requires that an organization implement security measures and systems when it becomes aware of a threat or vulnerability. Failure to take action to correct a weakness or exposure to an identified threat results in that organization assuming the liability to pay for any losses or damages.
Staffing and Budget Constraints
There are situations where the owner does not have the security staff to properly monitor and operate the security systems because of the lack of budget funding. In this situation, the owner may feel compelled to assign a receptionist or other staff member to assume security responsibilities. Unfortunately, the person assigned these responsibilities may not have the proper training or experience to perform their duties properly.
Because of budget limitations, organizations may also fail to address costs, like annual security system maintenance, periodic software improvements, system hardware and software upgrade needs, and equipment and device replacement. Instead, owners rely on “as-needed” repairs without anyone managing the overall health of the security systems, which often leads to ignoring failed security devices. This approach can cause catastrophic system failures, jeopardizing people’s lives and organizational assets.
Security Contractor Limitations
There is a current trend in the security industry for security contractors to offer security design services directly to a building owner, developer, or architect’s design team, often with the promise of reducing project costs. A security contractor specializes in selling, installing, and maintaining security systems, not assessing an owner’s needs or preparing objective security design packages. In addition, security contractors are biased toward specific products they represent. Selecting a security contractor to design a project’s security systems often leads to incorporating a particular product line and security system the contractor represents. This commitment may not offer the best security technology or design solutions for the project or the owner. A security consultant, on the other hand, will select security systems and measures based on the owner’s and project’s needs, whereas a contractor will use the systems they represent.
Consequences of Poor Security Technology and System Management
A lack of security system management often results in underutilized system capabilities and functionality because the owner’s security staff are often unaware of the system’s operational capabilities. In addition, the individuals responsible for the systems are often unaware of the necessity for updating security system software and licensing.
Other issues that may arise when owners do not establish an ongoing security management program include:
- Neglecting to update their security program to accommodate new use cases and respond to new vulnerabilities
- Inadequate maintenance, software updates, and licensing
- Inadequate security policies or procedures
- Failure to follow security industry best practices
- Insufficient budgeting for continuous system maintenance and implementation of needed improvements in equipment or operations
- Failure to conduct follow-up and lessons learned following a security breach or incident
- Lack of appropriate ongoing security training
- Assumption of liabilities for security failures not properly addressed
TEC’s Security Management Services
Security management as a service exists to fill the gaps that many organizations are experiencing after they install new security systems or occupy a new building. It is a crucial risk avoidance service offered by security consulting firms. These services are flexible, allowing the owner to select the extent of services they require. In turn, they can fulfill security management obligations at a fraction of the cost of hiring security staff. They provide ongoing security management while keeping the monthly costs reasonable. The following sections provide a general description of typical security management services.
Part-time Management of a Client’s Technical Security Systems
Part-time management includes weekly oversight visits to the client’s site, starting with a security meeting and then inspections to evaluate the operation of the security systems, devices, and software.
During these meetings and inspections, the security manager will:
- Validate that the security system hardware and software operate correctly.
- Develop an asset status database.
- Optimize the security systems’ performance.
Quarterly Reviews of a Client’s Security Operations
Quarterly reviews involve regular evaluations of a client’s written security policies and procedures to verify that they are consistent, accurate, and represent best security practices. The items the external security consultant will focus on include reviews of the following:
- Security breaches or incidents
- Potential mitigation strategies to respond to the breaches or incidents
- Any newly identified threats or risks
- New industry threats and risks
- Written security policies
- Procedures to satisfy the policies
- Security training programs and employee awareness
Semi-annual or Annual Review of a Client’s Overall Physical Security Program
This service consists of a risk and vulnerability assessment of a client’s overall security program to identify any evolving weaknesses, consider new industry threats and vulnerabilities, and recommend updates and improvements to mitigate any identified risks and threats. The security expert will submit an annual assessment report with suggested improvements and estimates of probable costs to implement the recommendations.
Conclusion
There is little doubt that meeting today’s security protection challenges requires a holistic approach to managing the security program for a building long after contractors have finished installing the security measures and systems. Ultimately, the owner is responsible for managing, maintaining, and continually updating the security program based on changing threats and risk environments. Failure to meet these challenges will result in program obsolescence, underutilization of security measures and systems, and liability exposure. Security management as a service can fill the gaps on an ongoing basis through independent outside services, resulting in a safer and fully compliant building.
About the Author
William Sako is a senior officer with Telgian Engineering & Consulting, one of the world’s leading fire protection and security consulting companies. Mr. Sako is a leading authority on security technology, force protection and operational security. He can be reached at his office at (847)595-1160 or via email at wsako@telgian.com