Chartered Security Professionals












 Security Policy - Design   However, in my opinion, it should be viewed as a management function and as the responsibility of all

      members of staff. Each one of us performs security and safety functions on a daily basis as a matter of course,
 and Delivery  for example locking doors, clearing desks, using passwords, logging out of computers, switching off equipment,
      reporting incidents etc. The culture of an organisation, including the approach to security policy, stems from a
      philosophy that may be attributed to the head of the organisation or/and past events which have shaped the
      organisation’s history, and current events that define its position in the market.


 By Adil Abdel-Hadi CSyP FSyI  As the Chief Executive of a successful large organisation stated:
      “The core of our organisation is ’People — Product — Profits’, if we take care of our people, products will be
      created, and profits will follow”.

      Safety and security of employees and business premises are evidently important for the efficient functioning of
      the organisation. However, the security function which embodies people, structures, systems, procedures and
 When it comes to the security of premises, large or small,   information should be integrated into the organisation with the minimum of obtrusiveness and interference.
 the principles remain the same. The security policy is   It is meant to be a support function, creating the desired secure and safe environment for the organisation
 derived from the overall organisation policy and the   to function properly. The level of security measures must be judged correctly to strike a happy balance and in
 objective is for it to assist the organisation in attaining its   order not to impede the business from operating efficiently. Nevertheless, employees also need to be secure
 goals.   and feel secure in order for them to be able to support the business.

 The Security Policy design and delivery discipline is outlined   Management of security should be carried out as an on-going project of improvements of preventive
 in twelve steps:  measures. It should not be treated only as a priority when an undesired event occurs, with the priority then
      ending when the situation is rectified.
 1.   Plan your Policy
 2.   Write it down.  For an organisation or any enterprise serious about security, professional methods should be followed in
 3.   Understand what you are trying to protect  assessing security needs. These methods are known by various titles, including security survey, protective
 4.   Carry out Risk Assessment & Analysis  security risk review, security audit, security review, and risk and threat assessment. It has been suggested
 5.   Review the Threats  that the security review consists of the following four stages: resource appreciation, threat assessment, risk
 6.   Design your Policy  analysis, identification of weaknesses and recommended solutions. Through this process, assets and functions
 7.   Get upper management buy-in & HR support  critical to the survival of the organisation are identified to receive the best protection.
 8.   Write down the procedures
 9.   Derive service rules from the policy  Security Policy Statements
 10.   Educate & Train your staff
 11.   Create Security Culture in the organisation  Protection of business premises and employees
 12.   Update Policy as deemed necessary.  The organisation needs to employ and implement all necessary security measures geared towards the
      protection of premises and employees. Legitimate access to the premises is to be controlled and recorded 24
 It has been suggested that the circumstances of recent   hours a day. Intruder and fire alarm systems to be installed, remote monitoring is recommended.
 years, increasing professionalism and demands of
 cost effectiveness alike have created the need for   Access Control
 the safeguarding of assets, personnel, and even the   This is to be considered a priority that applies to all those who require access to premises, including local and
 profitability of the organisation against theft, fraud, fire,   visiting staff. The use of the official ID badge must feature prominently as the only means of identification.
 criminal damage and terrorist acts. To achieve these   Otherwise, the identity of the person requiring access is to be verified by other means such as facial
 objectives, formulation and implementation of strict rules   recognition or biometrics before access is allowed.
 and policies by the employer is required.
      Security system administration
 Security management is viewed differently when placed in   Receptionist/security personnel are to be allocated the responsibility for the day-to-day administration of
 different contexts; the general view is to take preventive   the security system. This is to be supervised and managed by nominated senior personnel who take on the
 measures to stop an undesired event from taking place.   responsibility of the security management of the building, or by a delegated authority.
 Others may view it as guarding assets against crime, the
 physical protection of premises, loss prevention or risk
 management.


 48                                                         49