Creating A Security Plan For Your Business: How To Protect Employees And Assets

Every business should prioritise security of its people and assets, regardless of the size of the business, how large its premises are and what its operations are. Security threats come in many different forms and there is no business that is immune from them. The first step when addressing security issues is to create a security plan. This is a comprehensive study of the business and the security threats it faces, and a detailed plan as to how these risks should be addressed. 

Most businesses would create a security plan when opening a new facility, but a business could also develop a security plan when it has been identified that current security controls are inadequate, such as in response to a security incident or when changes have occurred to buildings or operations and additional security measures are required. 

What is a risk assessment? 

The central focus of a security plan is a comprehensive site risk assessment. This is a documented study of the site – its buildings, procedures, people and operations – to identify what security risks exist and what is being done to address them. A detailed security risk assessment will: 

• Describe all the buildings and operations of the business 

• List all the possible security threats that exist 

• Detail all the current security controls in place 

• Assess whether these current controls are adequate 

• Describe action required to improve on the current security controls 

Typically, the output of this risk assessment is a list of actions which, when addressed, should provide a comprehensive security system and suitably secure the premises, people and operations. The result will be a security plan to address all threats and eventualities, and which can be suitably documented. However, there are several other elements to consider when developing your security plan. 

What to consider when developing a security plan

A business won’t have limitless resources to address all security issues, nor is it sensible to implement certain controls without considering the practical consequences. When carrying out the risk assessment and formulating appropriate action plans, there should be a number of questions raised at the same time, such as: 

• What security solutions are suitable to address each security risk? 

• Are these temporary or permanent solutions? 

• Does a security solution work alongside our everyday operations? 

• Do the identified security solutions satisfy regulatory compliance and insurance requirements? 

• Can we secure sufficient resources to provide these security solutions? Such as a professional security services provider.  

• Have we considered digital security alongside physical security? 

• Have we identified all the assets of the business? (i.e. people, buildings, product, materials, tools and equipment and data) 

• Have we identified all the stakeholders impacted by security threats? 

• Have we considered both internal and external security threats? 

• Have we considered how we protect the business from natural disasters or terrorist threats? 

• Is there a suitable emergency response procedure? 

There may be other more specific considerations relating to your business which need to be included at this stage. But these are the most common issues relating to most businesses. 

What should a security plan include?

Once the risk assessment has been completed and the related considerations been made, it is time to document the security plan. This can take many forms and can follow a format in line with other related documents, such as quality plans and health, safety and environmental plans, but there are key elements which should definitely be included. These are: 

• Management commitment – top level endorsement of the plan 

• Defined responsibilities – such as emergency plans, key-holding and alarm response teams 

• A list of security controls – such as access control, security guards, mobile patrol, CCTV systems, waking watch 

• A site plan indicating where each security control is located 

• Communications – methods and responsibilities  

• Awareness and training – how all employees have the requisite level of security awareness 

• Compliance – how security controls satisfy regulatory requirements 

• Documentation – where policies and procedures can be found 

• Audits – how the security systems are monitored, audited, reviewed and amended for ongoing effectiveness. 

This is the basic framework of an effective security plan and following this will ensure the plan is continuously monitored and therefore continuously improved. This is the best way to ensure a security plan remains suitable and effective and adapts to new threats and changes to circumstances and operations.  

If you require any guidance or assistance with developing a security plan for your business, contact our security experts at Apardion. We have worked with many different organisations across the Scotland region and have adapted our processes to ensure businesses in many different industry sectors have an effective security plan in place, and therefore have their people and assets suitably safeguarded. So contact our team today.