Security Assessments — Certa intelligence & security

Security Assessments

In a security assessment, CERTA reviews, analyses and assesses the company’s security level and security measures on the basis of a specific threat assessment of the company. CERTA then performs a closer analysis of the company’s security-related costs in order to identify possible optimisation strategies. The result is an assessment and a set of recommendations, which CERTA can help implement.

CERTA has specialised in providing independent and qualified assistance to companies concerning the handling of security-related threats and risks. Our assistance can take the form of either a single assessment or a yearly security assessment for use by company management.

The aim of a security assessment is to ensure that the company:

  • Has a clear overview of security-related threats and risks which are relevant for the company,
  • Can take the necessary measures to protect the company as thoroughly as possible against these threats and risks, and
  • Is capable of effectively preventing and handling security-related events, thereby limiting potential damage to the company.

A security assessment is especially relevant when the company wishes to be reassured that it is adequately protected, when it wishes to demonstrate diligence in handling security-related threats and risks, and when it wishes to prove that it has effectively allocated its resources in the security arena.

The security assessment can cover an entire company or a segment within it, such as a production facility abroad. It can also focus on one or several security-related areas, including:

  • Physical security
  • Personal protection
  • Cyber and information security
  • Travel security
  • Security with regard to insider threats
  • Contingency and crisis management
  • Security organisation and other security-related support

CERTA offers three types of security assessments:

Security Survey

  • Threat assessment
  • Mapping of the company’s security
  • Recommendations
  • Assistance with implementation

Security Review

  • Threat assessment
  • Mapping of the company’s security
  • Impact and vulnerability analysis
  • Risk assessment
  • Review of security level and security measures
  • Recommendations and action plan
  • Assistance with implementation

Security Audit

  • Inspection
  • Test and training
  • Evaluating
  • Audit
  • Recommendations
  • Assistance with implementation

A Security Survey or Security Review will cover either the entirety or select parts of the company, along with particular segments of a company’s security areas. Security Evaluations or Security Audits are relevant when the company is focused on building and developing its security, for example, in light of particular security-related threats. The Review and Audit also supply an evaluation of whether the company has reached its goals and whether the implemented measures work as intended. A Security Audit also encompasses, beyond an evaluation, a security inspection based on relevant standards.

Yearly Security Assessment for Corporate Management

A company’s management must pay increasing attention to the fact that their company can be impacted by security-related threats such as terrorism, political extremism, espionage and organised crime, including cyber-crime.

This development poses new strategic challenges to company leaders. At the end of the day, it is the responsibility of the management to ensure that they have an effective security risk management policy and that the necessary measures are taken to best protect the company along with its assets, activities and reputation.

A responsible corporate management must necessarily ask itself the following questions:

  • Does the company have a full overview of the security-related threats and risks which can affect it?
  • What would the consequences be and how vulnerable is the company in the case of a security incident? Are the company’s security organisation and contingency plans adequate and well-functioning?
  • Is there an adequate level of security and security culture? Are the necessary and appropriate security measures in place?
  • Does the company allocate its security-related resources effectively and aptly, also in relation to its security suppliers?

Corporate management is responsible for the overarching strategic direction of the company as well as for safeguarding a responsible organisation, which complies with the required procedures for risk management and internal controls. According to workplace regulations, the dereliction of this duty can lead to the obligation to pay damages.

It can be complicated for management to collate a global and coherent overview of a company’s security situation or to decide which information is needed in order to create such an overview.

Corporate management often handles security-related questions in a fragmented manner and without the necessary strategic focus, making it difficult to fulfil tasks and duties regarding the company’s security.

Security Assessments

When handling the company’s security, management must regularly and systematically ensure that the company is adequately protected with regard to the current threat environment. Management must also make certain that there is no display of negligence in the company’s handling of security-related threats and risks, and prove that the company has effectively allocated its resources in the security area.

These assessments typically require insight and skills that companies do not have to an adequate extent in-house, and it can therefore be both necessary and appropriate to seek independent and qualified assistance. This is particularly true when decision-making requires an evaluation of the company’s own efforts.

CERTA has specialised in providing independent and qualified assistance concerning the handling of security-related questions by corporate management.

CERTA can perform a yearly assessment of a company’s security, which provides corporate management with a basis for deciding whether the company is adequately protected against security-related threats and risks.

In the yearly security assessment, CERTA delivers, based on a specific threat assessment of the company, a review, analysis and assessment of the company’s security level and security measures, its security organisation, contingency planning and crisis management, and its security culture. As a rule, the assessment will include an evaluation of the relevant strategies, policies and plans. Furthermore, a closer analysis of the company’s security-related costs is carried out in order to identify optimisation possibilities. All this leads to an assessment and concrete recommendations, which CERTA can assist the corporate management with implementing.

The yearly security assessment is developed in collaboration with the company and can be adapted to the specific wishes and needs of the corporate management. It can also be adapted to focus on specific areas of importance for the company’s security.

As a rule, the yearly security assessment is performed alongside a security audit, based on the relevant standards.

Furthermore, as part of the yearly security assessment, it is possible to conduct inspections, testing or training in relation to specific segments of the company’s security.

The yearly security assessment will, depending on the circumstances, also involve and consider other evaluations of importance to the company’s security, such as an IT audit.