Security Policies and Procedures…
Even if all physical, electronic and CPTED (Crime Prevention Through Environmental Design) solutions have been addressed, the issue of policies and procedures remains as an essential final element of the security plan.
- Existing Policy Review: Our experience with many Clients has indicated that security policy documents are not always clearly identifiable. The term “policy” would seem apparent; but there are often documents within the organization that do not take on the persona of policy. Employee handbooks, orientation programs, web-content and even memorandums are often identified as policy — particularly if more formal policy documents do not exist. Through a formal “Document Request” SDLLC will attempt to identify such documents as well as more policy-purposed documents.
- Security Practices: The term “practice” in this context relates to how employees are presently dealing with the security issues identified as problematic. In some cases the practice may be acceptable and can be easily codified into policy; while in others, the practice itself is contraindicated and should be adjusted to accommodate appropriate security practice before documenting it into policy.
- Security Policy Administration and Management: A considerable risk of third party litigation is present when a policy intended for the safety of occupants (including invitees) remains unenforced; not kept current; or not provided at all. In order for such policies and procedures to work they must be administered. This task seeks to identify who should be engaged in policy development, review, training, enforcement and approval.
- Compliance Issues: All corporate and institutional organizations are obligated—either by law or standard business practice– to issue some form of policies for the safety and security of their constituencies; still others elect to comply with “best business practices” that may mandate or at least imply policy development. These requirements need to be identified and prioritized in the policy development process.
- Communication and Distribution: Policies and procedures can only be enforced if they are written and communicated to the appropriate members of the organization. There are many contemporary methods available for this purpose from simple printed documents, brochures and flip charts to web sites and smart phone applications that can be customized for each occupant and their roles within the organization.