Risk assessment in protection of persons, assets and business operations
Regulation on mandatory security of facilities (Official Gazette of the Republic of Serbia, No. 98/2016) defines more closely obligations of companies and other subjects categorized as obligatory elements of risk assessment.
Risk assessment in protection of persons, assets and business operations guarantees high quality results in the security system.
A quality risk assessment guarantees high results in building a security system and thus the choice of an assessor is very important, so that the security needs can be viewed adequately from the very beginning. ”Absolut Support” treats risk assessment in protection of persons, assets and business operations as priority consulting activity and accesses identification of all hazards and system specificities thoroughly, without a ”copy – paste” solution which are very common both in the protection service market, as well as in a number of existing procedures in many companies.
Risk assessment in protection of persons, assets and business operations in the widest possible sense means not only analysis of the security situation in an organization, but also verification of functionality and efficiency of all elements constituting the protection system. In a process so complex, it is necessary to engage an experienced consultant who would apply not only standard methodology but also simulation of negative scenarios with the purpose of checking protection system efficacy and determining system vulnerability points which require improvements and changes.
With the development of assessment, i.e. finding answers to these questions, a complete picture of security situation of a system is formed, all the risks are presented and graded on the scale of probability, frequency and size of potential damage, and specific solutions are offered, security policy of the company is defined, security measures are prescribed, procedures and work instructions are defines and further protection plans are developed.
”Absolut Support” possesses great experience, relevant professional knowledge and uses state-of-the-art models and up-to-date standards (Standard ISO 31000 and national SRPS A.L2.003:2017) for risk assessment, which will enable you quality and timely review of threats and hazards against your assets and valuables, while at the same time offering you optimal solutions to build a system of corporate security and measures of physical and technical protection.
Emergency Situation Rsk Assessment
We all witness how natural disasters and other natural and technical-technological disasters can have negative consequences on activities of economic and social systems, as well as on the society as a whole. The collection of such risks must not be underestimated or forgotten, even in the case when a time interval since the last occurrence of an emergency event is relatively long. That is why the legislator has prescribed mandatory assessment of natural disasters risk and defined that all legal subjects in the state must define and prepare their own capacities for the purpose of protection of persons, assets and business operations for periods when a threat or emergency situation is actualized.
In order to protect ourselves from natural disasters and other accidents, it is necessary in the first place to perform an adequate assessment of emergency situation risk, and then develop a protection and salvation plan for emergency situations.
In accordance with the Law on Emergency Situations of the Republic of Serbia, all legal persons, companies, associations and public institutions are obliged to perform a professional assessment of risk of natural disasters and other incidents, and then develop Plans of protection and salvation (Official Gazette of the Republic of Serbia, No. 111/09, 92/11 and 93/12). More detailed references are defined in the Instruction on methodology for development of assessment of risk and plans of protection and salvation in emergency situations (Official Gazette of the Republic of Serbia, No. 96/2012).
Emergency situation risk assessment identifies all the existing hazards, sources and manifestations of dangers, possible consequences, risk assessment, resource and protection measures analysis, preventive measures as response to threats for protected values caused by natural disasters and other accidents, protection and saving lives and health of people and animals, protection of material, cultural goods and environment.
”Absolut Support” has professionals on its team, who specialize and hold licenses issued by the Ministry of Interior for development of danger assessment and plans of protection and salvation. Upon a client’s call, our professional team has the possibility to perform preparatory analyses, gather necessary data and start development of danger assessment of natural disasters and other accidents, as well as plans of protection and salvation.
Business Continuity Management
To provide business continuity, i.e. business continuity management – BCM – it is one of the primary tasks of each management, and at the same time the condition of market competitiveness, as well as survival of a company. The company must be aware of all risks which may stop business operations and timely prescribe procedures and work instructions which enable preservation of vital business functions necessary for the system to keep its status active and continue communication with the market.
If a company in its information systems has only one critical point from which business support is operated, breakdown of this point can cause the whole system to stop working, which is a serious security threat, often neglected due to priorities in cutting down costs or simply because of lack of awareness of possible negative consequences.
That is why the security standard in IT, as well as the basic advice for companies, is to form a backup point/position/site where data as well as functions would be backed up and from where, in an event of an incident, some natural disaster like fire, flood, earthquake or chemical incident of great scale, recovery of business operations could be performed from the backup data center.
Successful and responsible companies have more than one backup locations, but one is certainly a must in order to even start development of BCM.
”Absolut Support” specializes in developing plans for business continuity management. It is a document comprising of procedures for provision of smooth and continual operations of all significant processes and systems. An integral part of this plan is a business plan in case of unforeseen events, which defines technical and organizational measures for re-establishment of business operations as soon as possible, i.e. for mitigation of consequences of discontinues business activities.
The aim of a Business Continuity Management Plan is to offer practical advice for responding of employees and management in cases of unforeseen events and to reduce the time needed for making decisions regarding provision of business continuity and establishment of normal business operations as soon as possible.
A Business Continuity Management Plan is applied on the primary location, secondary location and in the whole organization, as well as on the Disaster Recovery location (backup location).
A Business Continuity Management Plan is developed on the basis of an analysis of business processes in an organization, so that it clearly defines which events may cause occurrence of an emergency situation and disturbances in business operations, and which may partially or completely disable the business process.
Events which may in any way disturb business activities are classified in three basic groups, as follows:
- Events which depend on external factors / suppliers;
- Events which may occur while performing everyday business processes;
- Unforeseen events which may occur due to natural disasters, accidents, fires, emergency situations declared by the state and technical-technological incidents.
Contact us and make an appointment for consultations.
Successful business activities of a company is hard to achieve if the precondition of adequate protection of the whole information system (hardware and software), the network and data base, has not been met, i.e. if the complete information system security has not been achieved. Information outflow or damages in the IT system, i.e. situations in which information security is threatened, may cause delays in work, make communication hard, cause serious business losses, compromise the brand and image of the company, even lead to its destruction.
The response of the company and other systems to these situations in which information infrastructure is under attract must be quick and, which is the most important, ready, so as to defend them and minimize potential damage.
Intrusions of computer viruses and other harmful software can be very costly for companies, even several time more than planned by projections of financial investment in protection and prevention measures, which management, with the excuse of cutting down expenses, refuses when the security budget is made, which is a usual scenario in the regional market.
Most often risks aggravating information systems are:
- IT infrastructure attacks
- Identity thefts
- Social engineering
Building a security policy of generating passwords must be performed vertically throughout the organization and significantly reduce risks, taking into account that the procedure does not interfere with the speed of work of specific sectors and efficiency of business processes.
For ”Absolut Support” one of primary security fields is the very information security, so you have our specialized services at your disposal, some of which are:
- Building an information security system;
- Security policies and strategies management;
- IT risk assessment and checking system vulnerability / Penetration test;
- Revision of IT security procedures;
- Business Continuity Management – BCM;
- Business Continuity Plan – BCP;
- Education and training of employees;
- Encryption of mobile devices;
- Legislative harmonization of IT security.