Consulting: Safety & Security Audits & Assessments

Safety & Security Audits & Assessments

Perform security consultation for the support of ships and port facility safety and security audits and risk assessments, plans, Maritime Transportation Security Act (MTSA) and International Ship and Port Facility Security Code (ISPS code) and security plan maintenance programs. Our approach prepares customers to meet or exceed the laws and Homeland Security compliance requirements thus preventing long term cost associated with fines, theft, and potential security breaches.

Safety & Security Audits & Assessments are designed to help organizations identify and understand the threats to and vulnerabilities of their infrastructures. Lessons learned from these assessments, as well as best practice approaches are utilized to mitigate vulnerabilities. TSPI philosophy is to leverage vulnerability risk assessment / security audit methods and approaches that have proven to be current and economically useful and useable. We are able to provide a wide range of written procedures, personnel training, technology, hardware and facility upgrades to address each customer's needs.

Commercial, Local, State, Federal, and Department of Defense/ Military entities both nationally and internationally should routinely perform vulnerability assessment and/or audits to better understand threats and vulnerabilities, determine acceptable levels of risk, and stimulate action to mitigate identified vulnerabilities.

The direct benefits of performing a Safety & Security Audits & Assessment include:

  • Build and broaden awareness. The process of doing an assessment and/or audit directs senior management's attention to security. It surfaces security issues, risks, vulnerabilities, mitigation options, and best practices. Awareness is one of the least expensive and most effective methods.
  • Create or evaluate against a baseline . If a baseline has been previously created, an assessment and/or audit are an opportunity for a "check up" to gauge the improvement or deterioration of an organization's security posture.
  • Identify vulnerabilities and develop responses . Generating lists of vulnerabilities and potential responses is usually a core activity and outcome of an assessment and/or audit. This information can help drive or motivate the development of a risk management process.
  • Classify key assets and drive the risk management process . An assessment and/or audit can be a vehicle for reaching corporate-wide consensus on a hierarchy of key assets. This ranking, combined with threat, vulnerability and risk analysis is at the heart of any risk management process.
  • Develop and build internal skills and expertise . A security assessment and/or audit, can serve as an excellent opportunity to build security skills and expertise within an organization.
  • Promote action . Although disparate security efforts may be underway in an organization, an assessment and/or audit can crystallize and focus management attention and resources on solving specific and systemic security problems.
  • Initiate an ongoing security effort. An assessment and/or audit can be utilized as a catalyst to involve people throughout the organization in security issues. The assessment and/or audit can lead to the creation of either an actual or a virtual (matrixed) security organization.

 

Methodology is divided into three basic phases:

  • Pre-assessment and/or audit phase involves defining the scope of the assessment and/or audit, establishing appropriate information protection procedures, and identifying and ranking critical assets. Each of these activities is critical in ensuring the success of the assessment and/or audit.
  • Assessment and/or audit phase the methodology consists of these elements - assess the threat environment; conduct penetration testing; assess physical security; conduct a physical asset analysis; assess operations security; examine policies and procedures; conduct an impact analysis; assess infrastructure interdependencies; and conduct a risk characterization.
  • Post-assessment and/or audit phase involves prioritizing assessment and/or audit recommendations, developing an action plan, capturing lessons learned and best practices, and conducting training. The first two tasks are aimed at focusing attention on high-priority security concerns and ensuring that these concerns are addressed in systematic and timely manner.

Potential users of Safety & Security Audits & Assessments include:

  • Maritime Administration (MARAD)
  • Port Authorities domestic and international
  • Department of Homeland Security (DHS)
  • Department of Defense (DOD)
  • Federal
  • Commercial:
    • Local Mass Transportation Authorities (e.g. air, rail, bus, etc.)
    • High Rise Complexes and Malls
    • Urban Communities
    • Utility Providers (e.g. power generation plants, gas, electric, water, sewage, telecommunications, etc.)

The Safety & Security Audits & Assessment process is a tool. From the initiation of the Safety & Security Audits & Assessment process, the TSPI team of experts will apply proven techniques to assist an institution in understanding the risks they face, and what cost effective steps might be taken to mitigate those risks. The development process is evolutionary in nature, and lessons learned from the assessments, as well as best practice approaches to mitigate vulnerabilities, are documented in the final customer reports.

 
Copyright © 2006-2007 Tactical Solution Partners, Inc. All Rights Reserved.