This report provides guidance and information to assist a security manager in carrying out a security risk assessment (SRA) as part of an effective security risk management process.
Most activities of an organization involve some level of risk, of which security risks can be amongst the most dynamic.
Unlike HSE risks, which are essentially passive, security risks are by their very nature active by design. There is invariably hostile human action/intention. Therefore, security risk assessment (SRA) and HSE risk assessment definitions and processes are fundamentally different – HSE risk assessment definitions and processes are not appropriate in a security environment.
By following this report an organization should be able to implement a robust security risk assessment that:
- addresses security threats and mitigates risk emanating from those threats to an acceptable level
- assists in the protection of people, assets, operations, information, and reputation
- improves operational resilience and response
- encourages management involvement
- effectively allocates and uses resources, based on risks
- establishes a basis for planning and decision-making
- improves organizational learning
- satisfies regulatory requirements