2024 is looking like a dynamic year for security governance and compliance. Some big changes are on the way — from brand new standards to insurance taking a larger role. What can you expect to see in the new year?
Below are three major trends we’ve noticed in compliance, risk, and governance.
The move to process-based standards
Lately, we've noticed that many compliance and regulatory bodies are moving toward process-based standards. This is a change from the past, when many security standards were guideline-based.
What’s a process-based standard?
A process-based standard includes security baselines that must be met, although every organization can decide to meet those baselines in whatever way works best for them. For example, a process-based standard might require a perimeter fence, but does not dictate a specific type of fence. The organization can choose the fence that meets their specific needs. They also use a specific process to continually assess their risk and their security needs.
This is much different from a guideline-based standard, which prescribes specific controls and key metrics that need to be measured, and dictates exactly how security controls should be installed.
Many standards are moving away from such strict guidelines because regulatory bodies are realizing that there are now so many options when it comes to controls, and those standards bodies are feeling exposed to liability. It makes more sense to ensure each organization has its own assessment process in place and can determine its own risk level.
New and updated standards
We can expect to see some brand new safety standards coming our way in 2024, as well as some updates to old standards. Some of these standards regulate industries that haven’t been previously regulated but where, due to changing risk, new controls are necessary.
ASIS’s new school security standard
ASIS is planning to launch its school safety standard in 2024. The standard provides guidance for the development, implementation, maintenance, and continual improvement of a school security program for K-12 schools. The standard has been hotly anticipated by the security community, so we expect to see much more discussion about securing schools in the next year.
Updates to OSHA regulations
The Occupational Safety and Health Administration (OSHA) is changing its regulations, effective January 1, 2024, regarding the scope of the injury data employers must electronically submit and which industries must comply.
Changes to the NFPA 101: Life Safety Code (NFPA 101)
The Fire and Life Safety codes are being updated in 2024. Among the changes is guidance for minimum life safety precautions for healthcare facilities’ emergency “alternate care sites.”
Insurance companies are driving compliance
Many regulatory changes are happening because insurance companies are getting involved. Many insurance companies are pushing companies to stay in compliance with regulations, charging more for coverage when an organization doesn’t have certain security controls. For example, insurance companies are paying out millions of dollars in claims for school shootings; it’s likely that insurance companies will drive adoption of the new ASIS standards.
This isn’t the first time insurance companies have gotten involved with regulations and compliance. A few decades ago, insurance companies started offering reduced fire premiums for companies with 24/7 security officer coverage. The reason? Most fires start at night.
We are very likely to see insurance companies take the same approach to school shootings, deciding which controls must be in place for a school to be deemed insurable.
What challenges will your business face in 2024? Contact us now about assessing your security, and make a plan for the next year.