Ensuring your organization’s safety is never a simple matter. That’s why you need certified, credentialed assessors who can provide the experience and expertise needed to help you succeed along the way.
When I started my safety career, I had no clue there were differences between a risk assessment, vulnerability assessment, threat assessment, or security audit. I did not realize that a one-week course on CPTED (Crime Prevention Through Environmental Design) was not going to be enough to be successful for our clients.
Simply put, I didn’t know what I didn’t know. It wasn’t until I started studying for my PSP through ASIS International and went on my first risk assessment with industry leader Kevin Doss that I realized that my background in security, military and law enforcement wasn’t going to be enough. Credentialization is critical to being an effective, successful risk assessor.
In order to learn what I didn’t know, I had to study. It wasn’t just about the new fence or alarm system: It was also about reading up on innovative technology, insurance trends, medical advances, psychology and more. A professional credentialed assessor will care about all of this and stay attuned to what is coming in order to help you keep your organization as safe as possible. A local guy with a security background may not.
What Is Coming Matters
Keeping a finger on the pulse of trends and challenges helped me to anticipate some of the impacts of COVID-19. Right before the first pandemic-related lockdown in 2020, I began telling our assessment teams that we needed to cut back, if not outright cancel, our travel schedule and on-site work because we were about to get hit by the pandemic. Very few agreed with me. But because I had been reading about what was happening daily, I was able to understand the changing safety recommendations surrounding the pandemic — something that every business owner was starting to face.
It wasn’t really that the recommendations were changing; they were evolving. Organizational threats change constantly, but unfortunately, things like anchoring bias and heuristics abound. We rely too much on the first piece of information we are given and then try to come up with the simplest solution. I can point to my client who wasn’t interested in implementing a pandemic/infectious disease plan into his emergency operation plan because he thought “it wasn’t going to happen” as an example.
Risk Assessment Redefined
Over the years, I’ve had the opportunity to learn about many companies’ products. Many do not offer recommendations; they only point out basic needs like new lighting or fencing requirements. Some companies’ assessments are hundreds of pages long, but many are short on analysis.
I have seen those who offer free assessments, too. Many of these so-called free services are tied to buying products. Just remember, if something is free, it is worth exactly what you paid for it. We make our risk assessments product-agnostic to ensure the people in your organization are the priority, not a cross-sell opportunity. We may have a solution that meets your needs, but we always recommend that purchases be sent through the request for proposal process to make sure you receive the greatest value for your investment.
A View from the Inside
While most assessments and audits focus on concentric layers of security to keep threats out, we look at your security from the inside. Most threatening events, whether it is in a business or a school, begin inside the facility. We realize this because we have a background in the science of active shooter response (ALICE Training®). We also assess your facility physically during both day and night conditions. If you run three shifts, we may look at all of them, because we understand that each one comes with specific security concerns.
It’s important to put your emergency operations plan to the test by conducting consistent training and drills, and we assess success in this area too. I have seen elaborate emergency operations plans that are hundreds of pages long, but when I ask the staff simple questions about evacuation for an internal threat, they have no idea what to do. In some of the cases I’ve seen, employees do not even know how to open their stairwell doors.
One Size Never Fits All
Navigate360 offers various safety and security solutions for businesses, healthcare organizations, K12 educators, universities, houses of worship, and even amusement parks. While each of them addresses some of the same security and safety concerns, we appreciate their differences.
For example, 2020 brought many changes to the healthcare industry, specifically regarding safety requirements. As a result, we added more than 68 questions to our healthcare risk assessment product to address the new Medicare/Medicaid regulations and ensure our clients don’t lose Medicaid/Medicare funding due to safety gaps. This document has grown to approximately 850 assessment areas (from the original 750 just 4 years ago). We don’t just review our documents annually; we update assessment documents if recommendations change even before the annual review.
Our practice is to be a true partner with our clients. That’s why we suggest vulnerability assessments to keep organizations on track and accountable before their next risk assessment. We don’t look at our assessments as a one-and-done: We build relationships to keep our clients updated on a continual basis so our assessments are accurate and they remain current on compliance.
Certifications and Expectations
Our risk assessors are required to have their ASIS International Board Certification as Physical Security Professionals and then maintain it every three years by recertifying. If they do not meet that qualification, they simply cannot work with our clients. We require our personnel to stay current with everything that changes in the field. Giving clients information from 20 years ago is not lowering their risk. Simple things such as identifying differences in response to violent intruders in emergency operations plans can save lives.
We review plans, insurance documents, previous incidents and training documents and conduct onsite interviews to get more than just the contact person involved. One of the best jobs I have been on was with a food production facility. I was given access to their personnel on a level not usually afforded. I spoke to the CEO, the HR (Human Resources) director, IT people, custodians, maintenance workers, and even forklift drivers. Safety is everyone’s concern, and it should be a shared responsibility. Not taking everyone into account can leave an organization vulnerable.
We also strive to cut through the gatekeeping that sometimes occurs between security and an organization. Even more importantly, we try to get everyone on the same page when it comes to their security and safety interests. Because we don’t have any internal biases about the culture of an organization or its people, we can give an untarnished view about what we see.
Reports and Recommendations
We strive to meet our client’s expectations when it comes to the reports we provide. Our scoring is easy to absorb and doesn’t require training to understand how it works. There are no voluminous checklists to dig through to find where gaps exist in the organization. While the organization can internally prioritize recommendations, we break down the professional recommendations so the organization has a road map to improvement. We separate these reports in three ways.
The first part of the report is scoring, and the second part includes a gap analysis in six main areas (hazard and threat assessment, emergency operations plan, prevention programs, response and training programs, technology and infrastructure, and recovery planning). The last third of the report contains professional recommendations from the assessor. Those are broken down further to address short-, mid- and long-term needs, and these recommendations are based on two concepts:
The first concept involves mitigation impact. If the recommendation mitigates a serious immediate risk to the organization, it will appear as a short-term recommendation so the organization can immediately begin to address it, regardless of cost. The second concept is the cost of the recommendation. Different recommendations are associated with different costs. A procedural change related to a safety or security concern may be inexpensive and thus a short-term recommendation. Purchasing six additional cameras to augment a current system, however, would fall under a mid-term recommendation due to cost. A long-term recommendation would be for an organization to hire a dedicated security director to handle all relationships with its overseas operations.
Setting Clients Up for Success
We make sure our clients’ organizations are prepared with the information they need to keep employees, staff, students and patients safe. It is the assessor’s responsibility to know what you don’t know, see what you don’t see, and provide you with documentation and recommendations to correct the gaps in safety.
Knowledge is power and making safety a shared responsibility in your organization is not only important; it’s essential. Strengthen your holistic culture of safety with professional, credentialed risk assessors who can prepare your organization for all the inevitable challenges and changes in store — and keep your organization and your employees secure and thriving.