In a security assessment, CERTA, based on a specific threat assessment of the company, reviews, analyses and assesses the company’s security level and security measures. Following that, CERTA performs a closer analysis of the company’s security-related costs in order to identify possible optimisation strategies. This results in an assessment and a set of recommendations, which CERTA can help implement.
CERTA specialises in providing independent and qualified assistance to companies concerning the handling of security-related threats and risks. Our assistance can take the form of either a single assessment or a yearly security assessment for use by company management.
The aim of a security assessment is to ensure that the company:
A security assessment is especially relevant in cases when the company wishes to be reassured that it is adequately protected, when it wishes to demonstrate diligence in handling security-related threats and risks, and when it wishes to prove that it has effectively allocated its resources in the security arena.
The security assessment can cover an entire company or a segment within it, such as a production facility abroad, just as the security assessment can focus on one or several security-related areas including:
CERTA offers three types of security assessments:
Security Survey
Security Review
Security Audit
A Security Survey or Security Review will cover either the entirety or select parts of the company, along with particular segments of a company’s security areas. Security Evaluations or Security Audits are relevant when the company is focused on building and developing its security, for example, in light of particular security-related threats. The Review and Audit also supply an evaluation of whether the company has reached its goals and whether the implemented measures work as intended. A Security Audit also encompasses, beyond an evaluation, a security inspection based on relevant standards.
A company’s management must pay increasing attention to the fact that their company can be impacted by security-related threats such as terrorism, political extremism, espionage and organised crime, including cyber-crime.
This development poses new strategic challenges to company leaders. At the end of the day, it is the responsibility of the management to ensure that they have an effective security risk management policy and that the necessary measures are taken to best protect the company along with its assets, activities and reputation.
A responsible corporate management must necessarily ask itself the following questions:
Corporate management is responsible for the overarching strategic direction of the company as well as for safeguarding a responsible organisation, which complies with the required procedures for risk management and internal controls. According to workplace regulations, the dereliction of this duty can lead to the obligation to pay damages.
It can be complicated for management to collate a global and coherent overview of a company’s security situation or to decide which information is needed in order to create such an overview.
The handling of security-related questions by corporate management often happens in a fragmented manner and without the necessary strategic focus, making it difficult to fulfil tasks and duties regarding the company’s security.
When handling the company’s security, management must regularly and systematically ensure that the company is protected in an adequate manner with regard to the current threat environment. They must also make certain that there is no display of negligence in the company’s handling of security-related threats and risks, and prove that the company has effectively allocated its resources in the security area.
These assessments typically require insight and skills that companies do not have to an adequate extent in-house, and it can therefore be both necessary and appropriate to seek independent and qualified assistance. This is particularly true when decision-making requires an evaluation of the company’s own efforts.
CERTA specialises in providing independent and qualified assistance concerning the handling of security-related questions by corporate management.
CERTA can offer to perform a yearly assessment of a company’s security, which provides corporate management with a basis for deciding whether the company is adequately protected against security-related threats and risks.
In the yearly security assessment, CERTA, based on a specific threat assessment of the company, delivers a review, analysis and assessment of the company’s security level and security measures, the company’s security organisation, contingency planning and crisis management, along with its security culture. As a rule, the assessment will include an evaluation of the relevant strategies, policies and plans. Furthermore, a closer analysis of the company’s security-related costs is carried out in order to identify optimisation possibilities. All this leads to an assessment and concrete recommendations, which CERTA can assist the corporate management with implementing.
The yearly security assessment, developed in collaboration with the company, can be adapted to the specific wishes and needs of the corporate management, just as the security assessment can be adapted to focus on specific areas of importance for the company’s security.
As a rule, the yearly security assessment is performed alongside a security audit, based on the relevant standards.
Furthermore, as part of the yearly security assessment, it is possible to conduct inspections, testing or training in relation to specific segments of the company’s security.
The yearly security assessment will, depending on the circumstances, also involve and consider other evaluations of importance to the company’s security, such as an IT audit.