It is very beneficial to collect information about threats aimed not only at your facility or company, but also at the surrounding community, your specific industry, and the nation.
With timely information, security staff may be able to detect and prevent impending security incidents. In addition, analyzing information may make it possible to discern trends. If security staff and management report and communicate security threats to company employees and other interested parties, more people can be involved in supporting the security effort.
Your security staff should regularly evaluate the number and severity of reported security incidents. They should communicate to management any significant increases or decreases in threats.
Establish a regular schedule for security staff and facility management to review information. Security measures should be upgraded incrementally as the threat level escalates. To improve response to threats, develop liaisons with emergency responders and other appropriate contacts.
9. Response to Security Incidents
A proper response to a security incident can reduce its affect on a company, employees, and neighbors, minimize losses and prevent future incidents.
Here are several tactics you can employ to ensure an optimal response to security incidents:
- Develop a process for reporting incidents and investigations
- Report any suspected illegal activity to law enforcement
- Review final incident investigation reports with all personnel whose job tasks are relevant to the incident findings
- Maintain investigation reports for at least five years
If your facility does not have trained security officers on site, your staff should not respond in person to potentially dangerous situations, but instead should immediately contact law enforcement. Also, make sure corrective actions are taken after an incident. Develop a means for management to audit and measure those responsible for taking corrective actions.
Establish a formal audit program and regularly conduct security audits to ensure proper deployment, identify weaknesses, incorporate lessons learned, and develop corrective actions. Be sure to develop a detailed, comprehensive audit checklist or protocol that encompasses key aspects of security: physical security measures, procedures, documentation, cyber security and management/supervision practices.
11. Third Party Verification
A key component of the RSCS is verifying that a company has implemented the enhanced security measures described in the vulnerability assessment program.
Independent third-party verification, including certification of compliance with the RSCS, provides a number of benefits. By obtaining this certification, both plant employees and the local community will be further reassured that the company has taken important precautionary steps to appropriately secure the site.
12. Management of Change
Changes to plant conditions provide the opportunity to predict security implications and adjust security measures before problems arise. It's critical that security staff is informed at the earliest opportunity of changes to operations and processes. Make security staff responsible for seeking out such information, and make other company managers responsible for providing it.
If your organization has existing change management programs, modify them to include security.
13. Continuous Improvement
A formal process dedicated to continuous improvement can help a company maintain its security effort at the highest level. By constantly tracking, measuring and testing security measures, a company can identify gaps and make improvements before incidents occur.