Policies & Procedures Consulting

An organization's security policies are the basis for an effective security system. As an organization tries to walk the fine-line between convenience and security, this base layer of their operation determines what can become vulnerable, how vulnerabilities are detected, and how long they take to mitigate. If your policies and procedures don't answer these basic questions, you should consider having them reviewed:

• Who has each of your mechanical keys? How will you know when one is lost? What do you do in the circumstance when one becomes lost?
• What do your guards actually monitor? Do they need to do physical rounds? What do they check? How often do they go? How do they log things? How can you be assured that your guards are actually making those rounds?
• Who tracks contractor or master keys/fobs? Are these allowed to leave your site? How often do they need to renew that access?
• Who are the decision makers in an incident? What is the process for contacting them? What if they can't be contacted? How quickly are you willing to call the police?
• Do your employees need to show their badges when they're in your facility? What will your employees do if they see a face that's not familiar?
• What steps should an employee follow if they find improperly secured confidential information, find a door that has been propped open, or see a suspicious person in the office?

While some organizations have good policies and procedures in place, these often fall to complacent behavior or a lack of motivation and security culture. GGR works with our customers to consider both the quality of their policies and procedures, as well as the implementation effectiveness thereof in order to ensure that the cornerstone of your risk mitigation strategy is serving you optimally.

This process often also involved running an exercise, either liveor as a tabletop, to verify the effectiveness of your newly revised policies.

Vulnerability Assessments

Design

Training

Publications