Menu Close

Benefits Provided by a Professional Security Vulnerability Assessment (SVA) for Municipal Clients

1). Correct Threat Level Identification:
It is important for any entity to understand the realistic “enemy” in terms of credible Threat Level, or in simple terms, the who or what that one should be protecting themselves from.

There is a significant difference, both financially and manpower-wise between protecting facilities from a State Sponsored Terrorist Group as opposed to dealing with theft, or other form of criminal act, or a disgruntled employee intent on making a statement against their employers.

2). What To Protect Most (Critical Assets):
As with (1) above, it is also important to identify those Critical Assets that must be protected at all costs (those assets that if compromised, are likely to have the most serious consequences for the organization), given that it is not possible to protect everything.

It is unfortunately true that it is not possible to protect all assets for financial and logistical reasons.

3). Security Design Criteria:
There is no such thing as guaranteed 100 percent security (the ingenuity of the human mind precludes such a goal), and thus it is vitally important to have Security Design Criteria (those specific reasons as to why a certain security system was installed in place of another, and/or why security devices such as cameras and access control readers were placed at certain locations and not at other points within a facility).

A professional SVA will identify such Security Design Criteria, and allow an entity to defend itself against alleged wrongdoing in the event of an incident.

4). Findings & Recommendations:
Perhaps the most important section of an SVA, as this section provides an invaluable assessment of those issues most likely to have serious consequences for the organization.

The assessment of such issues is based on both security industry experience over more than 25 years, and is further based on experience with current and pending legislation.

Recommendations will also illustrate cost/effective and reasonable methods of addressing such issues, while limiting the security solutions to those necessary to meet specific requirements and/or legislation. A professional SVA prevents “overkill” and excessive cost in dealing with security issues.

5). Legislation:
Since “9/11” there has been extensive Security Legislation (see attached list of Security Legislation) covering many industries, as well as the eight Key Infrastructures identified by the U.S. Government in 1998. Substantial new security legislation is either going through the “House” at this time or is pending.

It should be noted that the majority of security legislation requires an SVA as the first stage of such requirements.

It would appear that much of the new security legislation will be modeled on the Department of Homeland Security’s CFATS requirements which include both stringent regulations and penalties for violators of the legislation.

A professional SVA takes into account all current legislation that might apply to an organization, as well as looking at the potential effect of pending legislation so that an organization has time and flexibility to incorporate reasonable solutions into their medium and long-term planning.

6). Federal Grant Funding:
There is considerable Federal Grant Funding available at this time for many different areas of a Municipal entity which might range from training grants for the Police and Fire or Emergency Departments to very specific grants related to security, environment, corrections, information technology, schools, higher education, and other areas. A professional SVA is often the single most important document supporting such Grant Applications.
7). Customer Confidence:
Many commercial organizations have utilized an SVA as a means of increasing their customer’s confidence in their ability to provide reliable and protected services and/or product.

By instituting an SVA and them commencing an appropriate implementation program concerning the agreed recommendations of the SVA, the organization has then communicated such actions to their customers as further reason for the customer to have the utmost confidence in their chosen supplier of goods and services.

In a municipal environment, it is particularly important for the community served by the municipality to have faith and confidence in the provision of expected services, especially during an emergency situation.

Loss of Public Confidence with a municipal group or department can have very serious consequences, and is a major terrorist goal.

8). Counter Liability:
In the event of an incident within a municipality, there will almost certainly be a law suit following alleging Negligence or even Gross Negligence. The inability of the municipal organization to demonstrate that they had already carried-out an SVA by a qualified party is likely to be seen as an immediate example of the failing of the organization.

Note: It should be remembered that the implementation of SVA recommendations is not governed by a precise time period, and from experience, many recommendations can be instigated using existing manpower with minimal cost. Thus, it will be exceptionally difficult for any defense team to prove any form of negligence where an SVA was performed, and where at least a part of the implementation program is shown to have been underway.

An SVA specifically addresses situations which may be considered liable for the client.

9). Insurance Compliance:
An SVA will provide evidence to any insurer that their client has taken steps to prevent possible liability including negligence and gross negligence, as well as meeting legislation requirements, and identifying potential security problems.

Provided that there is some intent to implement recommended measures over a period, the client may see a discounted insurance premium, or avoid a substantial increase in the insurance premium in the event that they have nat carried-out an SVA.

10). Development of a Phased Solution:
An SVA provides an opportunity for a client to address potential security problems in a flexible manner, and over a phased implementation period. In many cases, it is possible to develop a phased timetable of implementation based on asset protection priority, and over several years.

It also allows a client to incorporate security requirements, whatever they might be, and whether it is to meet legislation or prevent possible liability, over a period of years, thus easing the financial strain of having to meet security requirements in a hurry following an incident, etc.

11). Emergency Planning & Preparedness:
One of the byproducts of a professional SVA is typically the updating of any Emergency Response Plan, not to mention the correct identification of critical assets within an organization or municipality.

Knowing the full extent of potential consequences of given actions, a municipality is thus able to better respond to an emergency with appropriate resources at minimal cost, and to be able to demonstrate their overall preparedness for such emergencies.

12). Measured Response:
Where an SVA has identified correctly, the credible Threat Level, and Critical Assets, and likely consequences of criminal, terrorist, or negative insider actions, the municipality can deploy the appropriate resources to address a situation.

From experience, the measured response is likely to be far more effective, and also likely to be more cost/effective taking into account the findings and recommendations of an SVA than it would be without the benefit of such information.