| SECURITY RISK MANAGEMENT |
|
|
| Nationwide Security Risk Management conducts audits or reviews of all types of company assets to determine the nature and extent of security risk exposures. Australian Standard AS/NZS 4360 is applied at every stage of the review. The objective of the process is to determine where the vulnerabilities of the company lay with regard to security incidents and to reduce or eliminate such exposures. In recognition of the requirements of the implementation phase, all risk reduction strategies are provided on a prioritised basis. The process is as follows: |
|
| 1. REVIEW or AUDIT |
|
| A review (where there is an existing program to be assessed) or an audit (where the company takes the decision to totally reassess security exposures) is an information gathering process. An extensive physical survey is conducted. In conjunction all key personnel are interviewed and existing documentation and procedures collated. |
| |
| 2. REPORTING |
|
| A detailed report is prepared which first identifies all existing security risk management exposures. These are subject to qualitative analysis and given a score indicating significance. Following the determination of vulnerability, a series of prioritised risk reduction strategies are set out. |
| |
|
3. IMPLEMENTATION |
|
|
The effectiveness of a risk reduction strategy is closely related to the manner in which recommendations are implemented. As a consequence the emphasis is on ensuring that the appropriate documentation is prepared and any installation of equipment tested for effectiveness prior to commissioning. The documentation is produced in manual format. It includes standard operating procedures, response procedures and security related recovery plans. |
| |
| 4. REVIEW |
|
| As part of the process attention is paid to ongoing self-assessment. There will always be however a need for regular independent reviews of the entire security risk reduction program. Such reviews will normally be annual unless the nature of the companies business requires more frequent attention to security. |
| |
| 5. SUPPORT |
|
| The provision of the security risk management service can be implemented in two ways: |
|
| |
 |
The submission and implementation of risk reduction strategies which are then managed by the client's staff with training and on call support. |
|
|
|
| |
|
An arrangement which provides ongoing specialist support for the security risk management program on a long-term consultancy basis employing Nationwide's extensive experience base. |
|
| Either way the outcome is that the Client Company will be fully aware of the nature and extent of security risk exposures applying and the effectiveness of the risk reduction strategies. This will allow timely response to escalating identified risk or the emergence of a new risk. |
|
