The most effective way to secure a business is to use a combination of physical, information and personnel security measures. An expensive swipe-card and PIN access control system, for example, is of little use if recruitment checks are not properly assessing who is issued with a pass in the first place.
However, when combined, these three disciplines create a ‘multi-layered’ regime, with each layer reinforcing against the weaknesses of the next and providing a mix of deterrence and detection.
CPNI’s advice and research encourage organisations to use all three disciplines together rather than relying on just one.
Appropriate and proportionate
Any procedures, measures and investments put in place must be appropriate and proportionate for that specific situation. Every location, even within the same organisation, will be different, so the security requirements will change according to locally identified threats and vulnerabilities. Implementing the wrong measures may prove costly, unnecessarily disruptive and may even alienate staff. Careful planning and specialist advice will always be necessary.
As a general guide, the following principles should be central to any decisions:
- It is not possible to protect everything, so prioritise the areas to protect.
- Measures should be proportionate to the threat.
- Do not let the cost exceed the value of the asset being protected.
- Security is more cost effective when incorporated into longer-term planning.
Before taking any decisions, a full risk assessment should be undertaken at each individual location to understand the various threats and vulnerabilities and their potential impacts. This will help identify the most appropriate security response.
Crime Reduction Officers – who can be contacted through the local police service – can provide advice about general crime prevention. Organisations with a particular concern about being a target for terrorism should also make contact with their local Counter Terrorism Security Advisers.
The sections below outline some of the key physical, information and personnel security measures that organisations may choose to apply to reduce their vulnerabilities.