Why A Security Assessment and Report is Never Enough

You’re planning a security assessment of your site. But after the assessment is done, and you’ve looked through the report, what will your next steps be? Will the report go on a shelf? How will you take action on it?

It's not enough to know that there are holes in your security. Circadian Risk’s assessment platform takes the recommendations of a security professional and turns them into actionable, trackable tasks in a project management system you can use all the time — not just after an assessment.

What is our Project Management - Action PlanS & Strategies™?

Our Project Management - Action Plans & Strategies™ (PM-APS™) is a lot like the recommendations you recieve after a medical check-up.

At the doctor’s office, you’ve had your health assessed, but a diagnosis isn’t enough; you and your doctor will need to take steps to correct the problem. Let’s say you’ve been diagnosed with high cholesterol. Your corrective action plan may be to exercise, change your diet, and take medications to reduce risk to a heart attack or heart disease. If you do nothing your risk of one of these incidents will continue to increase.

Security assessments are the same. A risk assessment is simply the diagnosis. The action plan is the list of remediations your organization needs to make to mitigate risk. The problem with traditional action plans, however, is that they need to be drawn up manually after an assessment is complete.

Need help with risk assessments? Contact us now for a demo.

Why an action plan should be digital

When a security assessment is produced as a paper report, the remediation suggestions made by the security professional are often presented as a checklist, or to-do list. But who puts that together, how often is the list checked, and how are remediations tracked?

A list can be lost, important recommendations can be left off, and different versions of the list may cause confusion. A lack of a central, trackable list of tasks can expose a business to liability.

Circadian Risk’s platform compiles the list as the site’s risk assessment is completed, and it’s then turned into a digital action plan with trackable tasks, such as fire extinguisher remediations from an inspection or the replacement of old equipment, like cameras.

The list is kept in a central portal, where it’s consulted as the one source of truth about a company’s security and risk levels, and updated as each task is completed.

5 reasons your business needs a digital action plan

A digital action plan is more than a checklist; it’s a living document that your organization can use to protect yourself against lawsuits, prove compliance, or simply prioritize important mitigations across large organizations:

1. They prove you’re taking action: A timestamped list of remediations can prove to a court or an insurance company that you are aware of risks in your organization and have been working to mitigate them.

2. They help with grant writing: If your organization is receiving security grants, you may need to show that grant money was spent on the items it was earmarked for. If you’re audited, you’ll be able to show the equipment that was purchased with the grant funds.

3. Remediation affects your risk: This may seem obvious, but when you make regular remediation, you reduce your organization’s risk.

4. A digital plan helps you scale remediations: If your organization has several sites, then you know prioritization of security-related tasks across several sites can be difficult, especially if you’re working from a single paper report. Circadian Risk’s PM-APS™ makes this process simple by allowing you to compare the risk levels of different sites at a glance, so you know what mitigations need to be taken care of first.

5. Digital action plans integrate with your organization: Circadian Risk allows for full integration and optimization with your systems and networks, so your corrective action plan can be given to whomever is conducting the mitigations.

Are you interested in a pilot of the Circadian Risk Solution? Talk to us now about assessing and mitigating your risk.

About the Author

Daniel Young

Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.