Focus

Good Security Practice... time to do your risk assessment

December 2004

The following guidance is given by the UK Security Service (MI5) and will be of use if you are reviewing how up to date your business continuity plans are. These 10 guidelines are useful reference points for businesses or organisations to consider as they put new security measures in place.

Many of the guidelines will help protect against crime as well as terrorism and other security threats.

  1. Take time to carry out a risk assessment. What kind of threats might you be facing? What is the likelihood of these happening? Where are your vulnerable points? Seek counter terrorist advice through the Counter Terrorist Security Advisor (CTSA) at your local police force.
  2. If you are building or acquiring new premises, try to plan your security measures from the outset. This is likely to be more efficient (in both time and expense) than adding on security measures at a later date.
  3. Make security awareness part of your organisation's culture. Put someone at Board level in charge. Arrange regular briefings for staff on what they should be looking out for, and keep notices up-to-date. Take your staff seriously if they identify potential threats. Train staff in emergency and evacuation procedures, and rehearse them regularly. Give more specific training to anyone you think might have to handle a bomb threat.
  4. Ensure good basic housekeeping in and around your buildings - for example, keep public areas tidy and well-lit, remove any unnecessary furniture, keep garden areas free from dense shrubbery.
  5. Look at the access points to your premises. Keep them to a minimum. Consider introducing passes for staff and procedures for booking in visitors and contractors. Searching of bags may also be desirable but, as with other measures, should be proportionate to the threat and also carefully explained to staff. Look also at vehicle access and parking arrangements. Consider introducing a barrier system, and arranging your car park so that unauthorised vehicles cannot get close to your building.
  6. Consider the range of physical measures - locks on windows and doors, CCTV, alarms, lighting - and install them according to your circumstances. Ensure they are working and arrange regular checks.
  7. Look at your mail-handling procedures. Consider setting up a mailroom away from your main premises, and train staff in emergency procedures.
  8. When recruiting staff or hiring contractors, ensure that they are who they say they are by checking documentation. Follow up references. Once employed, follow good employment practice and in particular ensure that staff have the opportunity to voice grievances and concerns.
  9. Look at how you might protect your information. Ensure that those who supply, operate and maintain your IT systems are reputable and reliable. Possible security measures range from enhanced IT security to disposing carefully of any confidential waste.
  10. Plan now for Business Continuity - how you will continue to function if something happens which means your premises or IT systems are out of action.

The above guidance is by definition general. You will need to tailor it to your individual circumstances based on your own assessment of the risks you face. The Service accepts no liability for the information contained in this area.

www.cpni.gov.uk/Security-Planning/Business-continuity-plan

Other sources of information: