Join Us for Our GSX Panel: ESRM Best Practices for Reducing Liability through Organizational Risk Analysis
How does your enterprise conduct physical risk assessments at its sites? Paper checklists? Spreadsheets? Digital platforms?
Most enterprises rely on traditional methods of assessing and mitigating risk, such as physical checklists, Word documents, handwritten notes and a paper report after the assessment is complete. However, just because something is a traditional practice doesn’t make it a best practice.
Enterprise Security Risk Management (ESRM) is in a period of rapid change; new technologies and an evolving understanding of risk mean that enterprises have new options when it comes to managing physical risk — and those options come with new, and better, best practices.
That’s something we’ll be talking about at GSX 2024 in our panel, “ESRM Best Practices for Reducing Physical Security and Safety Liabilities through Organizational Risk Analysis.”
What’s wrong with traditional risk management?
When it’s time for an audit of your sites’ security, your enterprise likely brings in a subject matter expert (SME) to conduct an investigation and assessment. That expert visits your sites, makes notes, takes pictures, and records vulnerabilities. Then the expert disappears for a while to write up a comprehensive narrative report including their findings and recommendations.
What’s wrong with this process?
It’s subjective: Many assessments are entirely based on the experience and point of view of your SME. You could hire two different experts to assess the same site and receive two different reports. While SMEs do have valuable insights, this is not the best use of their experience.
It’s not a good use of your SMEs’ time and expertise: SMEs should not be conducting EVERY assessment themselves. Consider a doctor’s office: the doctor doesn’t check you in or take your vitals. You only see the doctor - the SME - for a diagnosis and recommendations. Site managers or security officers can walk your sites counting locked doors. Your SMEs are much better utilized later in the assessment process, when you need their diagnosis of problems, and recommendations for mitigation. The SME should reserve their time for when it is necessary and warranted.
There’s no action component to the report: Paper reports are useful; they provide information about the risks at your sites and are helpful when your organization is applying for grants and insurance. However, reports should not be the end deliverable of a security assessment. There is no easy way to make the report actionable. Often someone has to manually enter data into a spreadsheet or project management platform - which can pose its own problems during remediation.
The data’s static: Paper reports provide a point-in-time picture of your organization's security risk, rather than a living document that is updated in real time and shows remediations as they are made.
Paper might not work, but what else is there?
For a long time, paper assessments and spreadsheets were the physical security industry’s only options for risk assessments. But things have changed. The advent of tools like physical security assessment platforms and threat assessment software has created new best practices for risk assessment.
Join us at GSX 2024 to learn more about these new best practices in risk analysis and assessment.
On Monday, September 23 at 10 am ET, Circadian Risk founder Daniel Young, Circadian Risk CEO Michael Martin, and Setracon founder Jeff Slotnick will present a panel on “ESRM Best Practices for Reducing Physical Security and Safety Liabilities through Organizational Risk Analysis.”