ESC Gulf

The security advisory services delivered by ESC Gulf are part of an integrated portfolio of security services called PRISM® (Performance and Risk-based Integrated Security Methodology).

 

 

Compass

PRISM® has four phases:

A

Strategy & Planning

Any risk management model has to fit with how an organisation takes decisions about its risk exposure and how it likes to manage it. Security is no different. This Phase takes account of the corporate strategy that has created the exposure to security risk, the Board’s tolerance of that exposure and the governance framework it uses to ensure that tolerance is not exceeded.

B

Assessment

A methodical and rigorous approach to risk identification and evaluation is then undertaken at regional, national, local or site and facility level. This includes a scoring mechanism that covers threat characterization, consequence assessment, vulnerability assessment, threat likelihood and culminates in a Risk Register.

C

Design

Once the risk has been identified, Protection Objectives are agreed which reflect the Board’s tolerance for security risks. Our team will then design an Integrated Security System (ISS) which includes a range of risk mitigation measures which together meet performance criteria defined at each level of Detection, Delay, Response & Resilience. Performance specifications give our Clients assurance that security risks are actually reduced to a level that meets the Protection Objectives for a site or facility. The performance specifications are embedded within the tender documents which will be used as a measurable criteria post implementation of the physical and electronic security measures.

D

Implementation & Review

Any risk model only works if it is implemented and monitored – change happens and the security environment is a volatile and unpredictable one. As well as reporting and monitoring, advice about how to ensure value for money on security expenditure is included. All our client work is based on PRISM® which can be tailored to specific client requirements, providing a bespoke fit for the business. This is critical to the successful implementation of PRISM® by all those involved in managing the risk.