With a combined background of having worked in the public sector (NSW and Australian Government agencies) and the private sector, our security governance framework offering observes key elements of the Australian Government's Protective Security Policy Framework (PSPF) in addition to contemporary Australian Standards and industry codes of practice.
Our overarching approach to security governance begins by assisting client organisations to identify their individual risk tolerance levels (risk appetite), to identify and implement the required protective security standards and, importantly, to foster a healthy security culture, all of which are designed to help organisations reach their business goals.
We can help you manage your security risks proportionately and effectively, enabling you to provide the necessary protection for your people, information and assets.
We can help you understand, prioritise and manage security risks in order to prevent harm to your resources and disruption to business objectives which, if left untreated, may adversely affect your organisation's ability to achieve its business outcomes. To do this, protective security should form part of any organisation's culture, practices and operational plans. Ideally, protective security should be incorporated into an organisation's processes from the outset rather than implemented as an afterthought.
Developing a Security Culture
We can help your organisation develop and maintain a healthy security culture, which is the foundation of implementing a robust protective security overlay for your business. We understand the importance of all areas of the business providing input and having an opinion during the development and implementation process. Whilst it is important for security programmes and measures to be supported by senior management, measures that are only imposed from the top down, without collaboration or consultation with the end users, are unlikely to enjoy longevity.
If required, we can also assist with staff training and education sessions as part of the overall programme implementation strategy.
Security Risk Management
Security risk management is the business of every staff member, including contractors, in any organisation. Risk management, including security risk management, is part of day-to-day business and is a process for managing security risk in a logical and systematic way.
It should form part of the organisation's standard management process. Changes to the risk and threat environment should be continuously monitored and, where necessary, adjustments made to maintain an acceptable level of risk and a balance between operational demands and security requirements.
In this regard, we can provide Security Risk Management advice that will identify, analyse, evaluate and treat risks within your organisation. All risk management principles and strategies used as part of any risk assessment conducted by us are in accordance with the latest risk management principles and guidelines (AS/NZS ISO 31000:2009), in addition to relevant and contemporary Australian and/or International standards and codes of practice (e.g. the Work Health and Safety Act 2011 and the Privacy Amendment Act 2012).
We will take great care to understand the nature of your business and any issues that your organisation may be facing. Importantly, we will develop risk criteria that are relevant to your business operations. Our risk identification phase also includes an assessment of your compliance with relevant legislation, policy and codes of practice.
Following the identification of key risks we will analyse those risks and determine their level. We will then work with you during the evaluation phase to determine a priority order for risk treatment.
We will collaborate with you to find practical and effective treatment options and help you manage the implementation of those options in order to realise maximum benefits. We can also tailor a business case and treatment plan to support your risk management strategies.
We can help you manage your staff so as to protect your organisation's people, information and assets. We can tailor the approach to your personnel security programme, which should be comprehensive and encompass a range of measures at various stages throughout an employee's career, from pre-employment screening through to ongoing personnel security measures.
An important element of a comprehensive protective security strategy is information security, both in terms of protecting IT systems and, just as importantly, hard-copy information. We can develop and implement protocols to be applied in conjunction with your other governance activities, strategies and business plans.
Physical security is a combination of physical and procedural measures designed to prevent or mitigate threats or attacks against people, information and physical assets.
We can certainly provide independent advice in relation to electronic security measures such as closed circuit television (CCTV), intruder detection (alarm) and access control systems. Our recommendations in relation to the use of such systems are based upon risk mitigation and therefore will only be recommended where a specific risk or need has been identified.
Creating the right physical security environment within your organisation is important. In line with the PSPF we recommend adherence to the following core principles and, in collaboration with your business, we can help you achieve them. These include:
1. Providing clear direction on physical security through the development and implementation of appropriate policy and addressing physical security requirements as part of an overall security plan.
2. Identifying, protecting and supporting employees under threat of violence, based on a threat and risk assessment. Reporting security incidents (e.g. to HR, security, police etc.) and maintaining comprehensive records. Providing appropriate information, training and counselling to employees.
3. Integrating protective security measures as early as possible in terms of planning, selecting, designing and modifying facilities.
4. Ensuring that any proposed physical security measure or activity does not breach work health and safety obligations.
5. Maintaining a duty of care for the physical safety of clients, customers, contractors and others who interact directly with the business.
6. Minimising or removing the risk of information and ICT equipment being made inoperable or inaccessible, or being accessed, used or removed without appropriate authorisation.
7. Developing plans and procedures to enable an escalation to heightened security levels in case of emergency and/or increased threat.
For further information or an obligation-free discussion, please contact us.