Safer Edge’s approach to security is premised on two core values – integrated and inclusive security. When we talk to clients we describe more fully why we believe these are critical to any risk management system.
Security risk management can be mistakenly viewed as something which is technical, complicated and a part of the organisation which can only be outsourced to ‘experts’. And while there are technical and complicated parts of organisational security risk management it needn’t (and shouldn’t) be overly complicated. Security can also never be fully outsourced as this ignores the fundamental reality that risk is always owned by the organisation. While security experts can provide technical advice, guidance, tools and training they cannot own the risk. The organisation itself must do that and this means that there needs to be a security risk management system within the organisation – even if components of it are advised by external experts.
Beyond having a structured approach to security risk management, ‘integrated’ means that security is prioritised within every department or section of the organisation. Every part of the organisation will hold some security function and integrated security activities are not ‘siloed’ within the security department. For example, within the human resources (HR) department there should be interview questions about a potential staff person’s experience, and comfort, with insecurity if they are going to be asked to go to high-risk environments. There should be appropriate security training assessments made and kept. Within the finance department there should be standard operating procedures (SOPs) for moving cash and inclusion of security measures and trainings in budgets.
Just as security risk management is integrated and not entirely held by the security manager, or senior management, we believe that it should also be inclusive. Inclusivity means that security risk management responsibility is not entirely invested in security managers or external security ‘experts’.
The people who need to know the most about security are often those who face the sharpest end of risk. The people and places where the organisation actually ‘touches’ risk. And yet, many organisations keep security knowledge clustered at the senior management level or invested solely in security managers. Security decisions are made behind closed doors in a non-inclusive way. Personnel are told what to do and expected to do it. Lip service is paid to the phrase ‘everyone is responsible for safety and security’ but the drivers, cleaners, receptionist, translator and project assistants are given no actual responsibility for security. People in these roles can also be overlooked when it comes to security briefings and training. We believe that for security to truly work it must include everyone – everyone’s job description should contain appropriate responsibilities for security. Security communication happen in a way that will be most understandable (likely verbal and in a local language) to everyone. Inclusivity also requires that communication be an open channel which flows both ways. Those responsible for security need to listen as well as speak or direct.
There is certainly a place for security expertise and specialist advice – this is, afterall, what we do for a living. But, this expertise and advice must complement, or build the capacity of, the organisation to have integrated and inclusive security risk management. When security is fully integrated into an organisation it becomes an enabler of the organisation’s mission and vision rather than a restrictor. It ensures the well-being of staff and projects and the timely delivery of products and services by securing the organisation’s mission.
If you'd like to know more about what an integrated and inclusive approach to security looks like send us an email: firstname.lastname@example.org. We'd be happy to have a conversation with you!