Operational Requirements in Security
Operational Requirements (OR) are essential for an organisation or security team to produce a clear, considered, and high-level statement of their security needs based on the risks they face.
A well-defined Operational Requirement increases the likelihood of success in any security project and reduces the risk of commissioning expensive irrelevant work. The involvement of key stakeholders in the OR process will increase buy-in for the project, simplifying any organisational or operational change required.
What is an Operational Requirement?
Operational Requirements (OR) is a systematic process that will lead to protective security measures assessed by the likelihood of successful application enabling an organisation to produce a statement of requirement, or a report of need, based on the risk and threat faced by an individual, organisation or event. By completing an OR, you will have a prioritised list of protective security measures and recommendations to implement actions that follow the principles of Deter, Detect, Delay and Respond.
Security Layer Principles
In physical security, layers or principles refer to the fundamental guidelines or approaches followed to ensure adequate security measures. These principles create a comprehensive security posture by addressing different aspects and potential vulnerabilities. The most common principles or considerations in physical security are:
- Deter: The principle of deterrence aims to discourage potential threats by implementing visible security measures, such as signage, barriers, or surveillance cameras. The goal is to create a perception of risk and deter potential attackers.
- Detect: This principle identifies and detects security breaches or incidents as early as possible. It involves using surveillance cameras, motion sensors, or alarm systems to detect unauthorised access or suspicious activities.
- Delay: The principle of delay involves implementing physical barriers or access control measures to slow down or impede unauthorised individuals. This provides additional time for security personnel or authorities to respond to the situation.
- Respond: This principle emphasises having appropriate response protocols and procedures in place to address security incidents effectively. It includes training security personnel, establishing communication channels, and coordinating with emergency services.
- Recover: The recovery principle deals with the aftermath of a security incident, focusing on restoring normal operations and mitigating the impact. This may involve conducting investigations, implementing corrective measures, or improving security measures to prevent future incidents.
These principles are not rigid rules but guidelines that organisations follow while designing their physical security strategies. By considering these principles, organisations can create a layered and comprehensive approach to physical security, increasing the overall effectiveness of their security measures.
In physical security, the security layer system refers to the combination of physical measures and protocols to protect a physical space, person, or assets from unauthorised access, theft, vandalism, or physical threats.
Physical security relies on multiple layers of protection to ensure comprehensive security. These layers can include various components such as:
- Perimeter Security: This involves securing the outer boundaries of a facility with features like fences, barriers, gates, or walls, often accompanied by surveillance systems.
- Access Control: Implementing measures to control and monitor who can enter or exit a facility. This may involve technologies such as access cards, biometric systems, or security personnel.
- Surveillance Systems: Utilising CCTV cameras, motion sensors, or other monitoring technologies to monitor visually and record activities within and around the facility.
- Alarm Systems: Installing intrusion detection systems that detect unauthorised entry, triggering alarms and alerting security personnel or authorities.
- Security Personnel: Employing security teams to patrol the premises, respond to incidents, and enforce security protocols.
- Environmental Controls: Ensuring safety measures like fire detection and suppression systems, emergency exits, or environmental monitoring systems to protect against disasters or accidents.
By implementing a well-designed security layer system in physical security, organisations can deter, detect, or delay potential threats, and respond to incidents swiftly, to protect the people, assets, and information within the protected space.
Operational Requirement Process
The Operational Requirement process will lead to protective security measures assessed by the likelihood of successful application.
There are six steps in the Operational Requirement process; these are completed using a template:
- Dividing up a site (identify the areas or locations for consideration)
- Defining the risks and mapping to the areas identified
- Identifying and developing the protective security recommendations to address identified risks
- Assessment of protective security recommendations (in terms of likelihood of success)
- Cross-reference back to risks to identify if the measures in place have mitigated the risks and if the remaining risk (residual risk) is acceptable.
The protective security measures template should identify the security requirement in the following areas.
- Beyond the perimeter
- Within the site
- Building or venue
- Asset and personnel
The layers must integrate with one another to provide a workable protective security solution.
Operational Requirements (OR) play a crucial role in ensuring the effectiveness and success of security projects. Organisations can identify and address their security needs by conducting a systematic OR process based on the risks they face. This process involves the active involvement of key stakeholders, which increases buy-in and simplifies any necessary organisational or operational changes.
Security layer principles, such as deter, detect, delay, respond, and recovery, further enhance security posture. By following these principles, organisations can create a layered and comprehensive approach to physical security. The OR process, consisting of steps like site identification, risk definition, development of protective security recommendations, assessment of requests, and cross-referencing risks, enables organisations to prioritise and implement protective security measures effectively. Organisations can achieve a robust and holistic protective security solution by integrating these measures and ensuring their interdependence.