Who Will Conduct Your Next Security Assessment?
As posted on LinkedIn Pulse on November 6, 2017
Will a well qualified security professional conduct your next security assessment in advance of a major security breach, or will your next security assessment be conducted by the plaintiff’s legal team in the wake of a security breach? When a person is victimized by crime, on private property, and subsequently suffers damages, a lawsuit may be around the corner. That filing may assert that the victim had a reasonable expectation of a safe environment. Therefore the assertion of inadequate security becomes the essence of the complaint. The claim of inadequate security is often a situational judgement. The plaintiff will need to show that the security breach was reasonably foreseeable, and the premise in question failed to provide sufficient security to satisfy a reasonable standard of care.
Defining a reasonable standard of is usually predicated on two factors: Defining the level of threat, juxtaposition with the efficacy, overtime, of the ambient security program. Therefore, security must be a dynamic discipline, responsive to a dynamic threat milieu.
Unfortunately, all too often, the impetus for many security assessments occurs as a reaction, after-the-fact of a consequential security breech. Under ideal circumstances, security should be an anticipatory discipline. Prevention is far more cost effective than reaction.
Over the past several years the ability to quantifiably define the ambient threat environment, has improved significantly. There have been improvements in the quality data provided by state and federal agencies, as well as data from private sources such as the CAP Index. There is an implicit duty for security managers to be cognizant of the internal and external threat environment.
There have also been vast improvements in the ability to discern ambient internal trending patterns using in-house computer based security management systems. These systems can often expose discreet security emerging threats during the incipient phase, when corrective action is most effective. These tools, and others, will quantify security vulnerably.
Finally, cost effective security technology continues to improve, while at the same time, reducing payroll burden. Evoking the Neighborhood Watch model is now becoming a mainstay in the private sectors, in the form of effective security awareness training. Employees are trained and encouraged to become part of the solution.
These approaches are particularly effective for industries that afford public access. Those industries include hospitals, hotels, public schools, high-rise office buildings and shopping malls all of which are having to defend claims of inadequate security when breaches occur and personal injuries result. The usual question then turns to: Was the security program adequate and reasonable within the framework of the ambient threat environment?
The good news is: Thanks to sophisticated security management software, cost effective improvements in the application of security technology, as well as the cost-effective application of CPTED (Crime Prevention Through Environmental Design), along with effective security awareness training for all employees and tenants, criminality can be reasonably deterred. Weaknesses in security programs can be corrected, before they become a trend.
We continue to advocate the development of a security program using the Security Solution Hierarchy as the model to follow. This model is effective, and it will ensure effective ROI. (see Previous Submissions).
Additionally, one must consider the cost, both direct, and indirect of defending a lawsuit for inadequate security, or an intentional tort case, such as the excessive use of force. Remember, cases such as these, usually make the 6 o’clock news.
We believe that the best, and most cost-effective solution, is retain the services of a well-qualified team of security professionals. It is also beneficial to hire security professionals that have extensive experience as forensic security experts is cases involving the assertion of inadequate security. For experienced consultants, security breakdowns are not a hypothetical construct.
Finally, the security assessment process is simply good business. When it comes to the building of a multiphasic security program, those companies that provide security personnel and security technology often have a knowledge advantage regarding the application of the products and services they provide. A qualified security consultant who is not engaged in the promulgation of products and services, will bring objectivity to the process, such as the application of the Security Solution Hierarchy model. The primary purpose of the model is the ensure an effective security program that optimizes cost-efficiency.
Bill Nesbitt, CPP, Certified CPTED Practitioner
President, SMSI Inc. (www.smsiinc.com)