Priority on Prevention; Planning for Responsiveness
There seems to be something of a conflict when a competent security team plans for reacting to a security failure. However, when the issue is seen in the proper context, it is simply impossible to eliminate all risks in today’s environment. The basic concept of effective contingency planning is to both control and mitigate the effects when those risks become reality.
In fact, international standards, such as the ISO/IEC 27000-series, and the U.S. federal government make CP an essential element of corporate management. There are many aspects and roles involved with security contingency planning, including:
- Physical structure and assets
- IT resources
- Digital and printed records of individuals and customers
- Intellectual property protection
- Multi-threat assessment (theft, natural, terrorist, pandemic, etc.)
The basic goals of any effective contingency plan are to 1) provide an effective response, 2) contain and minimize the resulting damage, 3) address recovery and business continuation issues.
Expanding Responsibilities and Complexities
With the complexities of modern business, virtually every potential disaster and/or security breach involves far more than the security personnel. Multiple departments are now involved in many aspects of contingency planning.
For example, in the case of a IT breach and the loss of customer records, today’s response team includes legal, marketing and even customer service personnel. Having predetermined these teams allows immediate response to any such problem. The marketing team will have to handle the loss of confidence in the marketplace, the customer service personnel will be briefed on how to respond, and the legal department begins the steps to minimize legal liabilities.
Additionally, the security forces play a new role in modern contingency planning. One of the most important aspects of handling any breach is the documentation of the cause and an ongoing, real time monitoring of the circumstances. If a physical breach occurs, accurately recording the circumstances at the site and the timeline are both essential steps.
This is the reason why we use JDS LiveTrac which provides such real time capabilities of audio, text, and image capture to both facilitate the response and document the details for future reference.
Making the Process Work
As with any planning effort, the more detailed the process, the more effective the results. Like insurance, you hope to never need those plans. However, again like insurance, there is simply no replacement for them when a security breach or disaster occurs.
There are several ways to enhance the value and practicality of your planning process. These include:
- Study actual situations from your industry or related businesses. Ask, what were the lessons learned?
- Conduct at least annual simulations of various scenarios, with the entire response team sitting together to evaluate the plans in place
- Call on experts who do CP for a living. Ask for evaluations and critiques of your plans.
You may not be able to prevent or eliminate every potential risk to your facility and/or business. However, contingency planning can ensure you aren’t caught short with the ability to respond to a problem when it does occur.
If you want to learn more about JDS LiveTrac and how our real time reporting technology helps mitigate risk and liability, and could save you money on your liability insurance premiums, then contact us today and we will walk you through all the benefits for your business.
Danny Garcia, Owner, JDS Exclusive Security