Written by Head of Covert Testing and Quality Assurance, Andy Mason
Wherever security is required, whatever its purpose, it is critical to have a quality assurance framework to facilitate continuous assessment of the effectiveness of security systems and processes to be confident of its effectiveness. Regardless of the parameters of the security provision, its purpose, which must be aligned to clear security objectives, should be routinely tested, and assured to review and mitigate threats that could exploit any vulnerabilities.
Organisations need assurance that they are receiving the desired level of service they are paying for, and that their assets are being consistently and confidently protected. Where organisations are investing millions of pounds in equipment, resources and complex operations, they must be confident that the investment has mitigated those very risks the security provision was designed to deter. For many businesses, it is too often too late that they establish their security systems had significant vulnerabilities when it was subject to some form of attack. Robust quality assurance minimises the likelihood that a live incident is the first indication that there is a weakness in a security system or process.
Quality assurance operations should be routinely implemented to also assess the effectiveness of emergency response and protection measures. Aligning performance metrics from all security touchpoints with security objectives provides a clear picture of an organisation’s security ecosystem and its capability, as well as identifying early vulnerabilities therein. The entire security system needs to be analysed; this should include aspects that security is applied to such as people, vehicles, access control, CCTV, and infrastructure, as well as the relevant response options, communication protocols, typical patterns of life and use of external agencies.
Independent quality assurance via covert or overt testing has huge benefits because it identifies underperforming trends and their causal factors, based on progressive and accumulative security testing metrics that are collected on a regular basis. Whilst an organisation can identify risks and vulnerabilities during an audit, an independent quality assurance provider can take a holistic view and provide a broader illustration of ongoing issues and make recommendations for improvement based on vast experience, known industry trends, best practice and known vulnerabilities as well as the modus operandi of proven and emerging threats.
The provision of security across all sectors needs to be progressive to mitigate the risks of an ever-evolving threat landscape. Public places, indeed, any space where there are predictable ‘people concentration’, such as event venues and transport hubs outside of aviation, have become a target for terrorist attacks in recent years, with large-scale sporting events and major stadiums being prime targets for the terrorist of today. The most recent being at Moscow’s Crocus City Hall in March this year.
As highlighted in the Manchester Arena Inquiry, the periodicity of training to protect people in public places is equally as important as the initial training to maintain standards and to ensure staff are always ready when called upon. Being certified once doesn’t guarantee the skills, knowledge and behaviour required to respond to an attack 12 months later unless the initial certification is reinforced with frequent assessment and repeated refresher training courses.
Adding another dimension to the benefit of ongoing quality assurance is employee engagement and the strengthening of a positive security culture. A maintained programme of testing and feedback creates opportunities for employees to continue to develop their skills and encourage them to do their job better. Meanwhile, an organisation that is committed to continuous improvement of systems and processes will retain and attract employees that are similarly and personally committed to working to ensure the right outcomes are achieved first time.
To find out more about our Quality Assurance services, including covert and overt testing, speak to our security experts at sales@trustredline.co.uk or on +44 (0) 1302 288360, or visit our Quality Assurance page.