How accredited security consultants can help manage risk

James Kelly, Chief Executive of BSIA, tells Open Access Government why reputable security consultants and staff training are worthwhile when it comes to risk

As we begin to move forward through 2017, planning for the future and ensuring risk management processes are in place for all eventualities is essential. 2016 was a tumultuous year, with terror attacks continuing to pose a very real threat to our society. Adding to this, organisations can face a wide number of threats year round, including fires, flooding, cyber-attacks and financial losses.

Ask the experts: Reputable security consultants

One of the best ways to plan for a crisis and develop fit-for- purpose incident management processes is by firstly identifying the risk register. As a business, it’s paramount to know what you are protecting yourself against and at the heart of any business’s security and its resilience to threats is its risk register. The risk register is a key tool that helps a business identify the day-to-day risks that it faces and the best ways to counteract them.

As this is such an important step, it can be worthwhile to enlist the help of a credible security consultant in order to assist in adequately identifying the risk register. Security consultants can provide independent professional support to ensure that any security measures required by the client correspond to both existing and emerging threats, whilst complementing a business’ environment and operation in order to protect people, building, assets, and ultimately, reputations. An outsider’s professional opinion can be very valuable, as they are able to identify risks that may have been overlooked previously. Consultants can carry out a range of services including, but not limited to, risk assessments, due diligence checks, cyber investigations and security penetration checks.

Ensuring that you’re enlisting the help of a reputable consultant is essential in effective risk management.

To aid in this process, the BSIA has produced its own ‘Code of Ethics for Companies Supplying Security Consultancy Services’, which sets out the professional standards and integrity that BSIA security consultancies should encompass. For example, it is best practice to choose a supplier that can act “with integrity, honesty and professionalism”, who is “transparent and impartial in all that is done and will “provide soundly managed services that engender trust and confidence with their clients”.

It is absolutely essential to choose a consultant that applies “British, European, government and Ministry of Defence standards” at the core of all “processes and methodologies used in security and risk management”. The business should also be subject to ISO 9001 and BS8549, with all security consultants undergoing continuous professional development throughout their career.

Training for purpose

When creating contingency plans, it is important to look at how the organisation operates on a wider level in order to identify what aspects of the business are essential in its ability to continue to function in a crisis. For example, ensuring that employees can work securely offsite, if necessary, is crucial in ensuring business continuity. It is not enough just to have plans in place in the case of an emergency; it is also paramount that all employees are aware of existing contingency plans so that they may go about their roles as necessary. Such plans should also be efficient in their structure, making sure that incidents are dealt with in a timely manner, as not to compromise the business further.

As well as enlisting independent professional support from a consultant, it can also be worthwhile investing in specific training in order to ensure that members of staff are able to respond accordingly to potentially threatening situations. To be fully prepared for a crisis, employees, particularly those in senior management, can undertake specialist training courses on crisis management. Such training should be delivered by a reputable training provider whose comprehensive courses can help members of a business develop the essential skills and confidence to effectively deal with a crisis. The training available is extensive and can cover all aspects of incident management, such as risk assessments, security surveying, continuity management and disaster recovery. Those that deliver the training should also be professionally qualified tutors with real-world experience of the industry in order to provide an insightful, valuable course.

In order to ensure the training is truly fit for purpose, it is important to choose a trustworthy training provider. Members of the BSIA’s Training Providers Section are committed to working with fellow training providers, colleges, security companies, trade organisations and the government to drive standards, increase professionalism and ultimately improve the standard of training offered to the security industry. Keeping in line with these values, the section has also created its own ‘Code of Conduct’ in order to help safeguard the interests of consumers of services provided by BSIA members, as well as raising the bar of professionalism amongst its members. Adhering to the code provides tangible evidence of each member company’s commitment to proficiency and probity, helping them to keep abreast of current practice, regulation and applicable laws affecting training, in order to ultimately position themselves as the best in the industry.

Ultimately, when implementing security strategies and preparing for the future in an uncertain world, one thing remains steadfast – the importance of quality. Whether it’s a security consultant, training provider or any other form of security, those responsible for procuring security products and services for their organisation should only be enlisting the help of a trusted, professional provider who meets with the necessary British and European standards.

James Kelly

Chief Executive

British Security Industry Association (BSIA)

@thebsia

LEAVE A REPLY

Please enter your comment!
Please enter your name here