Government standards for armed security guards serve as a benchmark to evaluate security in other settings. The above practices can also be used to prepare procurement documents for companies that contract out physical security. In addition, DHS requirements can inform a balanced scorecard evaluation of current security practices at critical facilities.
Start with requirements
Requirements are the starting point for effective security at a critical facility. Fulfilling the security requirements of an organization or industry (e.g., PCI DSS for the payment industry, HIPAA for healthcare and SOX for public companies) is essential. If these requirements are not met, a company’s credibility will be undermined. Penalties in the form of media criticism, fines and industry censure are also possible. In 2015, Verizon found that two-thirds of companies using the PCI standard failed to test their security. Failing to fully utilize existing security standards is a significant gap.
Security requirements are especially important when planning a new facility. “In our experience, the biggest mistake that organizations make is failing to clearly identify their requirements up front such as the value of your applications and the cost of downtime,” explains Curtis.