Guideline of the security risk assessment

Guideline of the security risk assessment

In 20 years, I have not found a single property, whether it is a company, estate, government property, or any other enterprise, that has a security risk assessment. Some people even got this mixed up with the health and safety assessment.

We cannot, even if we wanted to, explain everything that we do for a security assessment in one document. It would be a minimum of 300 pages. The same goes for explaining the process of a risk assessment in Zoom or any other form of a virtual meeting. It will simply take too long.

It is important to keep in mind that the age of the security system will impact the risk assessment in the whole process.

We write an outline of what a security risk assessment consists of, which includes the basic principles of a risk assessment, but it still does not explain every aspect of what we do during the project.

A security risk assessment is a specialized investigation focused on the security risks that provide the opportunity for crime.

  • There are not a large number of people who have the skill set to conduct a truly independent risk assessment, which is why very few people have risk assessments.
Security structures balance on four pillars.

As part of your risk assessment, we will discuss this topic in depth.

  1. Security risk: This identified risk and mismanagement create the opportunity for crime. We talk about inner and outer crime, public violence, disaster management because of crime, and so on, which are also forms of risk that need to be addressed.
  2. Risk-specific solutions: These are the ultimate solutions to eliminate the identified security risks.
  3. Processes and documents—communication and control—form part of this section and are some of the most underestimated security aspects. Processes, documents, communication, and control are almost always a problem when it comes to corporate businesses. These components are the glue that keeps everything together. Homes are included.
    I have done many security risk assessments, and I can tell you today that I have never found a company whose SOPs and SLAs are in order. Most of the time, the contents of the documents are unclear and difficult to understand, or they are just poorly written. Most importantly, the documents are never court-ready.
  4. Management: This is a general problem; the bigger the company, the bigger the problem. Many think having one person to look after security, health & safety, building maintenance, and so on is acceptable. However, this is where the ball drops. Since security is not subject to legal restrictions like health and safety are, it always loses. Naturally, all the attention will go to everything other than security. Management is where control and communication lie, although this is often overlooked. Home security also needs management.
Between these pillars,
Security Risk Assessment Guideline
Security risk assessment guideline

The risk assessor follows hundreds of different routes, depending on the type of building, the area, the neighborhood, the environment, and the history.

People often talk about a “vulnerability assessment, gap assessment, security analysis, security inspection, or security audit. Essentially, it boils down to a security risk assessment.

When you combine the four pillars, you will see that a security risk assessment covers every aspect of security, including those areas and specs that most people forget about.

A security risk assessment aims to identify all the security risks that provide the opportunity for crime. Once the risks are identified, the best-suited solutions can be identified and implemented accordingly.

We tell the truth about your security. Our document is not just a piece of paper, but a living document that will guide you to ensure that your security is successfully managed and maintained.

In-house vs Security risk assessments

In-house security risk assessments are often flawed from the onset because the assessors are typically part of the organization they are assessing, which can create bias and conflicts of interest.

Additionally, familiarity with the environment can lead the assessors to overlook crucial details, as people tend to stop noticing things they see every day, such as a potential security vulnerability. Furthermore, it can be difficult for an in-house assessor to assess their directors, who are the ones paying their salary.

Security provider vs. security risk assessment. Read more on product assessment vs independent security risk assessment.

Security providers that conduct security risk assessments are also problematic. Assessing themselves and their hardware is akin to conducting an in-house assessment, which creates similar issues of bias and conflict of interest.

Neglecting this can result in overlooking or downplaying significant security vulnerabilities, thereby putting the organization and its stakeholders at risk.

Summary security risk assessment

Please note that the outline/summary is not cast in stone; we still need to follow the risk.

From the neighborhood, we move on to assess access risk, which includes access control, access security, the structure, the access process, the SOPs, and so on. We also assess the daytime and nighttime factors, followed by the management of access. Both businesses and homes have access control; it is just the processes that differ.

Then, we start with the property line. It is most likely that this is where the most security mistakes happened. A property line has a specific function, and we measure the risk in accordance with this function.

In addition to this, we measure:

  • General security in the common areas of the property.
    • This includes parking areas, gardens, and so on, and these are the areas where criminals “hide in plain sight.”
  • We also look at the service providers and their efficiency, how they respond, what they do with the information, and so on.
  • Further to this, we look at all aspects and forms of surveillance to identify the risks and shortcomings in these systems.
    • Surveillance and artificial intelligence (AI) mapping.
  • We also assess the control and identify all risks. The control room serves as the heart of any security structure, yet it is frequently neglected and relegated to the bottom of the priority list.
Decision-making is a crucial aspect of security, and we assess this in detail. This includes the assessment of:
  • documents,
  • policies,
  • procedures,
  • instructions, and the like.

Amongst all these aspects, we also look at:

  • the human key,
  • the body language of the property,
  • key functions,
  • risk
  • control functions,
  • day and night risks, and a variety of other factors that have an impact on security, risk and crime.
  • intangible opportunities
  • security
  • unbalanced security
  • management,
  • communication,
  • silent communication
  • SLAs, documents,
  • SOPs, standard operating procedure (Security)
  • contracts,
  • responsibility,
  • Importance of evidence capture.
  • sharing of data, decision-making processes, and such.
Your risk assessment will include a detailed discussion of all of these topics.

Documents and communication in security

We assess and explain the reasons:

  1. Incident register,
  2. SOP register (Standard operating procedure)
  3. Download register,
  4. Master Copy register

Written by André Mundell Independent risk consultant of Alwinco.

We provide security risk assessments for customers in Centurion, Bloemfontein, Durban NorthPretoria East, Constantiaand other Gauteng cities. These evaluations apply to residences, businesses, industrial estates, farms, and other sorts of properties.


A total of 12 registers/documents needs to be in place for businesses, estates, and so on. The paperwork in the security world has been neglected for the last 30 years and is one of the reasons we are losing the battle against crime.

For homes, it is softer but some of the information will be in place and available.

In the assessment, we discuss crimes like kidnapping, assassinations, hijacking, and other violent crimes.

Share this page


Written by Andre Mundell

Scroll to Top
× How can I help you?