A Practical Tool
Critical Controls fall within the realm of Critical Control Management. It is a practical approach to mitigate crime threats to operations. Historically, the application of these controls focused primarily on potential catastrophes in mining. However, the process and principles are equally well applied where vulnerabilities in the crime prevention programme prevails.
Security Managers, Loss Prevention Managers and all personnel charged with the mitigation of risk should actively apply critical controls as part of their security operations management programme. That is where the programme is an ongoing management and governance process supported by top management.
A number of companies have improved their security focus and this is often measured by crime counts and similar reactive measures. However, serious crime, organised crime and significant events still occur.
Investigations into these crimes typically show that known controls for known vulnerabilities were not effectively implemented in practice. This is the reason for the focus on critical controls that are championed by the critical control management approach.
Critical control management should form part of the day-to-day control to prevent crime and losses to companies by adopting this approach.
This is because it focuses on a smaller and more manageable number of risk controls. The process uses bowties, which provide a simple and readily understood picture of the links between crimes, the crime pathway and the critical control to prevent it occurring or to minimise recurrences.
These controls provide a mechanism to allow more effective governance over the vulnerabilities which may result in business risks.
The Basic Process
The process involves a good team to plan the process under the guidance of a subject matter expert. What then follows is the identification of critical controls, selection, assigning accountability and verification of sound implementation.
Typically, the Bowtie process is applied. The Bowtie is an analytical method for identifying and reviewing controls and mitigation factors intended to prevent or mitigate a specific incident or event. It is preceded by understanding the crime pathway and the targeted assets.
Photo Source: jcomp