[Surnames] 1

Private Security From Risk Management.

Alan Gabriel Gonzalez

Private Security Risk Analysis Working Group

 [Surnames] 2

INTRODUCTION .

This document seeks to establish the fundamental bases to exercise

correct managerial management in the operations area of private

security and surveillance companies, which must focus on risk

management both in the company's internal processes and in the

service positions of each of the clients that hire Security services,

making it clear that the scope and contribution to the organization of

each place depends on an adequate risk analysis of each process

within the Services.

The scope and contribution to the organization of each department

depends on an adequate risk analysis of each process within the

company, the applicable measures to reduce these risks and constant

monitoring to verify the effectiveness of the measures, as well as

studies of physical security that is provided to each of the clients and

the contribution of crime prevention and loss prevention.

 [Surnames] 3

Basic concepts.

Among the basic concepts that a security professional must

possess is knowing clearly that a physical security program is one that

must be in place within the company and is composed of the

following: detection elements, delay elements and protection

elements. answer.

As an example, cameras and sensors are detection elements, meshes,

natural and artificial barriers are called delay elements, and response

elements are security guards or human personnel, law enforcement,

canines, and procedures or protocols. It is important to highlight that

human beings are called positive barriers, as they are the only ones

who have the quality of detecting, delaying and responding.

Technological elements such as sensors have greater detection

capacity than a human being. However, human beings have the ability

to respond, so the security professional must not only know how to

locate and coordinate the three elements but also manage resources

and carry out adequate monitoring to have a security program that is

 [Surnames] 4

effective and also cost-effective.

At the same time, the importance of having clarity in different terms

that will be explained below is highlighted, since they have the vast

majority of security and surveillance companies in the country, the

same reason is not the most ideal since the service is only provided as

deterrent factor more like a strategic ally for loss prevention.

FRAGMENTED: Adding Ingredients without a coherent program,

that is, under the wrong criterion that more cameras, more sensors,

more security guards is more security, but without coherence between

them.

ONE-DIMENSIONAL: Based on a single measurement, example:

only video surveillance system or only Physical surveillance.

PACKAGED: Installing security systems because it was the package

that the company offered me.

INTEGRAL: Based on risk analysis and vulnerability assessment with

coverage of all aspects.

Physical security.

Physical security is the control system of tangible measures,

 [Surnames] 5

specially designed to protect physical and operational assets and

therefore the lives of people in an organization from previously

identified threats. Under this criterion, it is important to keep in mind

that the objectives of physical security are to control access,

prevention and deterrence, in case it occurs, have a continuity plan and

reduce the fear of crime since it is important to work in a safe

environment.

Physical security programs must have policies and procedures, that is,

short- to medium-term security objectives, such as reducing losses by

a certain percentage, people trained to monitor, manage and

implement the barrier system or safety devices. access control,

detection equipment, alarms and communications.

The recording and reporting of news and incidents that occur in the

services and keeping in mind that those who do not know history are

condemned to repeat it. It is very important to learn from the mistakes

of others or our own so that they do not become to commit.

Delve into in-depth programs that consist of two times which are:

delay time and response time, and these in turn contain the three

components that are: detection, delay and response, it is important to

 [Surnames] 6

clarify that we call the positive barrier that It is capable of fulfilling

these last three items and the only one capable of fulfilling this

objective is man.

When designing a security program, one should not only delve into

the restrictions, denials and limitations, but rather a good work

environment should be generated, so that people not only feel safe but

really are, for a Physical security is valuable and serves to reduce the

fear of crime, it must be effective and not only generate illusions or

false security. Countermeasures must be in accordance with the

environment, adopted under real measures, among which those that

contribute the most to reducing the fear of crime are lighting, parking

controls, CCTV, alarms, fire alarms and the good Posture of Security

Personnel.

The Study of Security.

The first step of a security study is the analysis of risks,

once the goals and responsibilities have been defined and

an organization has been created to carry it forward, the

 [Surnames] 7

immediate duty of this work is to identify potential losses

and develop and install appropriate security measures. This

security study process is called risk analysis.

Included in this approach is the concept of security with a

complete and integrated function of an organization, a part

of this work is the study of physical security to identify

potential problems and vulnerabilities. This comprehensive

view of the loss prevention function conflicts with some

customs of looking at security as partial and isolated points

Such as: security according to the analysis of a single risk,

such as the risk of intrusion, Fragmented security: Where

we advance according to needs, reactive security: measures

are only taken when presents some event but without

taking into account the risk analysis.

 [Surnames] 8

Risk Management.

The first step in risk analysis is the study of a threat, a

comprehensive security system is a high-cost operation, but compared

to investing money in research and development of the company, it is

investing in the future, investing in loss prevention is just spending

money to prevent something inevitable, although both investments

present risk, spending money on a product is dynamic and speculative

and this is a more interesting risk, property risks are generally

monitored or considered an evil. necessary, even when the risk is

identified, managers prefer to operate under the theory of calculated

risk and have forced security companies to assume productive

attitudes towards security, the two possible solutions that should really

be complementary are, 1st: Invest in loss prevention. 2nd: take

insurance.
 [Surnames] 9

A risk management program includes the following four basic steps:

• Identification of particular and specific risks or vulnerabilities,

analysis of risks, which includes the probability of impact of an

event, optimizing risk management alternatives which may be:

avoiding taking necessary measures to prevent it from occurring,

such as: movements of great appraisal at the same routine times

and days, since it gives the possibility of someone within the

company and organization notifying a criminal group to

perpetrate an offense against those assets.

• Distribute: For example, carrying the load in several trucks or in

different types of transport.

• Bank Transfers, to reduce Physical Money movements.

• Assume that in the event of an occurrence I assume the

consequences of the risk or the combination of all of the above.

 [Surnames]
10

General Process of a Risk Analysis

SAnirirad problem Interview sta

Risk Analysis and Compren s ic r E nip re 5 a. □ .vision of work,

Questions,
Evaluation Process. time, resources
organization
charts.
Blueprints.

Identification,
Study of
probability/frequency.
Security or
Criticality/Impact
Safety survey

Decision matrix

Physical analysis at the site Purposes of the study Current

security study Evaluate vulnerabilities □ Et ermine your risk
elements Recommendations
 [Surnames]
11

Structure .
 [Surnames]
12

Risk Analysis Within Security Companies

Within the risk analysis of the organization's processes, it must first be

determined which are the most common processes within the

company, related to the corporate purpose that is developed within

which the following processes will be analyzed in depth: strategic,

operational and support. Within the strategic processes, the

management management process and strategic planning of the

management systems must be analyzed, within the operational

processes, the customer relationship management processes and the

operations management process must be analyzed, within the support

processes, the human talent management process must be analyzed, all

under the focus and analysis of the risks of each one.

Which consequence is the result of an event expressed qualitatively or

quantitatively, such as a loss, injury, disadvantage or gain, there may

be a series of possible results associated with an event to which, as an

 [Surnames]
13
example, the following values were given of measurement.

Level 1 .

Insignificant, the consequences do not affect the Client in any way.

The losses or damages are not significant.

Level 2.

Minor, the consequences slightly affect the client's functioning,

small losses and damages in relation to the client's economic capacity.

Level 3

Moderate, The consequences partially affect the operation of the

company and/or the client, medium losses and damages in relation to

its economic capacity and/or assets. Level 4

Major, the consequences totally affect the image, the company

official temporarily, but not in a recoverable way, major losses and

damages.

Level 5
Catastrophic, The consequences totally affect the company and the

client, generating irrecoverable damage.

Within the customer relationship management process, the loss of

customers can be taken as an example of risk; among the possibly

detectable threats are poor attention to complaints and claims, the non-
 [Surnames]
14
existence of a customer service protocol. customer, and the poor

service provided by the personnel assigned to the service.

Detection, Delay and Response System.

Examples of detection are sensors, CCTV cameras, photoelectric

barriers, perimeter barriers, walls, electric fences, concertina, the

response is the security team, that is, the security guards and the

established protocols.

PPT Security Program

The PPT security program in its acronym in English: People

Procedures and Technology, is a program developed by AlliedBarton,

a private security company based in

Pennsylvania, which was established in 1957. It is made up of more

than 55,000 employees, who are divided among 120 offices

throughout the US.

The basically physical security program is made up of three

components: Technology, People and Procedures, one of the

 [Surnames]
15
additional components that when the previous three fail is called

emergency crisis management and investigations. The operations

manager must be able to carry out a security program for a specific

facility and propose solutions and improvements to existing security

systems.

VIP people

Its acronym in English: Very, Important, Person. Very important

person.

There are several obvious threats within the protection of VIPs,

terrorism and kidnapping, death threats, which have drawn the

attention of companies in order to prevent extortion situations that can

have high costs in money, image and production, organized crime

gangs around the world seek alliances with terrorist groups to obtain

political or economic objectives.

This situation requires improving day by day the techniques and

tactics used to develop security plans to reduce the chances of people

being victims of these crimes, however, regardless of the measures,

whether these people receive a large percentage of their security

 [Surnames]
16
depends. of its own actions, behaviors and safety culture that it

possesses.

The majority of people who have been kidnapped had not agreed to

receive a protection scheme because of the lack of it, which invades

their privacy and represents a change in their lifestyle and that of their

family, in addition to the economic costs, without However, in

countries like Colombia this has been influencing a change in attitude

in this regard. A personal protection program requires the following

steps:

Identify the specific threat, including the probability of kidnapping

and murder.

Reasonable security measures must be applied at the potential victim's

workplace.

Protection in residence should be considered.

Safety procedures and culture for travel within and outside a territory.

As a fundamental factor, daily checklists of vulnerabilities must be

made, checklist for travel, security in case of emergency, information

security, security in the office, security in the residence, security in

meeting places and public places, analyze and implement a low profile
 [Surnames]
17
in a hostile environment.
 [Surnames]
18

Emergency Planning

Emergency planning has three main objectives:

1st: Protection of People's Lives.

2nd: Protection of property in General.

3rd: Restoration of activities and operation.

The emergency management system or application of the response to

it must have an orderly tactical approach to the response, a response-

oriented development strategy remains within a limited sphere of

action and includes how to address the maintenance of the operation.

The Purpose of the plan: to anticipate problems, promote action plans,

resume normal operations.

Plan considerations: requires preparation time, must be written, define

responsibilities and actions, must be simple.

For the development of a complete emergency planning and

management process, primary objectives are initially developed, such

as: the design of a general emergency policy, the risks against each

danger are determined: fire, bomb, kidnapping, explosion, illicit. The

structure of the emergency organization is developed.

 [Surnames]
19

Conclusions.

This perspective of risk management contributes effectively to

the day-to-day work of the security professional, it serves to acquire

the ability to identify critical risks for clients and for an organization,

to assess them and give them effective and cost-effective treatment.

benefits, which brings continuous improvement as a contribution.

Clarity is given on the difference between a security group, security

program and protection plans and when each one will be applied.

The risk manager must know the application of each of the

management systems applicable to clients and companies and how

each one contributes to their benefit, the basic notions to integrate a

quality management system.

[Last names] 22