Organisations can develop security master plan internally or use the assistance of an independent security consultant |
Whether it’s a college campus, a healthcare facility or a large corporation, organisations often tackle issues related to security management, operations, programs and technology in a reactionary manner. They often fail to consider the need to plan and develop a written roadmap to define and provide direction for the big picture of their security programme.
This roadmap, oftentimes called a Security Master Plan, should be a well-thought-out document that includes input from important organisational stakeholders. It can be essential as a guiding document to “create a vision” for the future of the organisation’s strategic security approach. A Master Plan provides direction, overall guidance and is intended as a conceptual construct of what is projected for, and possibly needed, in the future.
Roadmap for security management
This document defines the standards at a high level, develops the direction for planning, and considers priorities based on need along with the culture and a sensitivity to budgetary concerns. However, this plan does not define the granular development of policies, processes, personnel training and security technology design. It does address each of these issues in a logical and organisationally sensitive manner.
Organisations can either develop this document internally or use the assistance of an outside, independent security consultant to develop the plan from an objective, unbiased perspective and to provide realistic expectations suited for the organisation. The right consultant can also bring real-world experience, lessons learned from other engagements and may have insights into technologies that end-users may lack.
Synchronisation with existing systems
However, the development of this plan should not be completed in a vacuum. Careful consideration and coordination with other key organisational stakeholders are critical. Stakeholders may even include other outside resources such as a security integrator. For example, an integrator or a product’s manufacturer may be called on to help understand, for example, that the access control system software version or platform may no longer be supported in the near future. Or to understand it’s time to seriously consider making that migration to IP video since DVRs are no longer supported. Additionally, the Security Master Plan should be in sync with the organisation’s overall Master Plan (if one exists) to ensure the corporate mission and visions are aligned, with buy-off at the senior management level.
A Security Master Plan is intended to be a dynamic, ongoing process resulting in the development of reasonable standards, based on the organisation’s assets, risks, threats, and vulnerabilities. The security standards developed should be flexible and scalable in order to meet ever-changing needs of an organisation.
A Security Master Plan is intended to be a dynamic, ongoing process resulting in the development of reasonable standards, based on the organisation’s assets, risks, threats, and vulnerabilities |
Identifying risks and threats
A Security Master Plan document is designed to provide the construct for the development of programmes and implementation of technologies that are reasonable and appropriate for the organisation over the next four to six years and to create the context for security programming for years beyond that. Although many recommendations will be applicable to the foreseeable future, it is vitally important the organisation’s assessment and planning processes continuously monitor the environment to ensure newly identified risks and threats are addressed in a timely manner. This is particularly important to organisations that use security technologies as a key component of their security programme. As technologies continue to change at a fast rate and new technologies are developed, it can be easy to fall behind. Therefore, maintaining updated information from trusted security contractors, consultants, and manufacturers is key to this process.
As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential. The Security Master Plan provides the philosophical, standards-based construct for this ongoing effort and should be considered a living document with flexibility to address new challenges, changes in the environment and new and emerging technologies.
A Master Plan should be:
- Based on what is known and observed, what might be anticipated in the future and what might be considered as appropriate based on known or observed risks, threats, vulnerabilities, and best practices;
- Sensitive to the organisation’s culture, capabilities, and resources;
- Intended to address issues and programming from a holistic perspective;
- Intended to provide a foundation for enterprise-wide programme management.
It should not:
- Provide security technology design nor is it intended to provide a step-by-step process and thus is not overly specific;
- Provide specific verbiage for policies, processes or procedures.
As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential |
Security and security technology planning in many organisations are oftentimes fragmented. Particularly in higher educational environments or because of corporate mergers and acquisitions, separate disparate technologies, policies, and processes may evolve with no interoperability. The development of the Master Plan is particularly important in this environment. It not only develops the planned approach to unification, but it can also lay out the path over multiple budget cycles and assist with Capital Planning efforts.
The Security Master Plan presents a number of interrelated concepts, each of which addresses specific security programming, policies and security technologies typically found within the organisation.
Underlying concepts included in the Security Master Plan are:
- Dynamic assessment and planning in an evolving environment;
- Enterprise-wide unified security and public safety programming;
- Standardisation of technologies and processes throughout the enterprise;
- Emergency planning and response;
- Development and implementation of active and passive security elements in both existing and new facilities, commonly found in basic CPTED (Crime Prevention Through Environmental Design) principles;
- Development of new and expansion of existing organisational partnerships;
- Programmatic and operational flexibility and scalability;
- Dynamic security improvement: implementation of best practices;
- Programme leadership and coordination under the auspices of a department of security and/or public safety;
- The transition from a primarily forensic to a functional security technology model.
As the corporate facilities continue to be updated, the development and implementation of effective, appropriate public safety and security management strategies will be essential. The Security Master Plan provides the philosophical, standards-based construct for this ongoing effort and should be considered a living document with flexibility to address new challenges, changes in the environment and new and emerging technologies.