SECURITY REVIEWS
A Protective Security Review programme was conducted for a Crown entity at multiple sites across New Zealand. The purpose of the programme was to conduct a review of protective security to enable the client to meet its obligations under the Health and Safety at Work Act 2015 (HSWA). The Act requires the taking of reasonably practicable measures to protect the safety of staff, clients and the public who may be at risk because of organisation-related activities.
The objective of this Security Review programme was to provide the organisation with a greater understanding of their security and safety risks, as well as their duty of care to employees, clients and visitors, in accordance with the findings and recommendations of the WorkSafe New Zealand v Ministry of Social Development court judgment. It was also designed to align with some of the mandatory requirements of NZ Government’s Protective Security Requirements framework (PSR).
An organisational overview report was provided which gave an overview of the client’s protective security posture. This report also discussed common themes identified during the visit programme and made recommendations to mitigate risks and enhance the client’s protective security capability and performance.
Individual site reports were provided to give an assessment of the effectiveness of existing protective security measures commensurate to the identified threat, and specific areas of concern raised by staff who routinely work at each location. Where appropriate, recommendations were made to mitigate existing risks to an acceptable level, which allowed for an informed decision-making process, and a risk-based approach to the security and related safety risks faced at each location. These reports were site specific for use as standalone reports, and included identified security vulnerabilities which were deemed to create risks to the organisation’s assets. In order to mitigate the identified threats and vulnerabilities, recommendations were made to enhance physical security measures and procedures.
The methodology used was an adaptation of security risk management best practice for security and resilience. This was driven by an initial assessment of the general threat environment and identification, where possible, of the specific types of threat potentially faced by each location. Once the threat environment was understood, a review of existing mitigation measures was assessed at each site against a security system’s core functions. The outcome of these two assessments identified areas of vulnerability, with recommendations subsequently made to enhance the security posture at the organisation’s sites, both in terms of steady state mitigation and contingency planning to meet periods of heightened threat.