Developing Security Alert Levels
Security alert levels communicate information about the security measures used to reduce risks in emergency situations or other times of increased risk. They also enable an organisation to scale their security measures, making them appropriate for the incident and easily adjustable as the risk increases or decreases.
Creating alert levels helps organisations apply security measures quickly before or during an incident, greatly improving their ability to protect people, information, and assets.
Security Levels Development
Adopt an “all hazards” approach when establishing alert levels. This means considering all types of threats from all sources, so you can create an appropriate response. Physical and environmental threats may have the same or greater effect on your organization’s operations as security threats.
Any protective security measures implemented in your alert levels should reduce risks to personnel, information, and assets. They should also make information and asset sharing arrangements more secure.
Source of Risks
Base your alert levels on identified risks from your security risk assessment. Physical security risks can be categorized into three main groups:
- Event: An important occurrence that affects your organization’s functionality, such as a storm or earthquake.
- Threat: A declared intention and capability to harm people, information, or property.
- Activity: An action likely to have a negative impact on physical security, such as protests, occupations, or filming.
If protective security measures are damaged or breached by an event or activity, or if you have reliable evidence of a potential threat, consider escalating the alert level.
Unique Risk Assessment
Each facility or work area may have distinct security risks. To identify and evaluate the physical security risks that may affect each site during events, threats, or activities, security management personnel should collaborate with:
- Local managers responsible for each facility
- Individuals involved with business continuity, disaster recovery, and risk management.
Internal and external sources of information
Gather data on potential risks from both internal and external sources.
Internal sources
Your organization’s risk assessment is an invaluable source of information. Consult with your business areas to learn more. They can provide information on:
- Potential disruption to operations, damage to personnel, or loss of data and assets
- Changes to Business Impact Levels (BILs) at the end of projects
Other internal sources of risk information include:
- Protective security risk reviews
- Security incident and staff reports
- Security and operational risk registers.
External sources
External sources include any organizations you work with, partner with, or co-locate with. You should consider the Business Impact Levels (BILs) of any collaborative work or sharing arrangements. What unique risk factors do the other agencies have and how might they affect your combined business continuity plans?
Avoid Over- and Under Protection
Design and select alert levels that strike a balance. Over- or underprotection of people, information, and assets can lead to issues.
Overprotection
Overprotection is costly, inefficient, and can impede operations. Typically, it’s caused by:
- Personal assessments of risk sources
- Lack of alert levels that enable proportionate responses to rising risks.
Underprotection
Underprotection can jeopardize personal safety and the security of information and assets. To avert it, provide clear instructions to help people recognize which risks require heightened vigilance. Make it easy to apply the necessary measures.
Determine Number of Alert Levels
Consider the nature of your organization, the types of facilities in use, your operational role, and known risk levels to decide how many alert levels are needed. Factors such as operating environment and changes in risk sources must also be taken into account.
Alert Levels
These four alert levels provide guidance on how to:
- Set up an alert system
- Explain the scenarios each level encompasses
- Outline the measures associated with each level.
Low
This security alert level is applied when the likelihood of an event causing harm is low. The security measures in place satisfy normal internal operational requirements.
Medium
This security alert level applies when an event, general threat, or physical activity likely to cause harm may occur. However, there is no targeted threat to your organisation or facilities. Security measures applied can be maintained indefinitely with minimal disruption to operations.
High
This security alert level applies when an event, threat, or physical activity likely to cause harm is expected to occur to your organisation or any of your facilities. Security measures can be kept for extended periods without causing difficulties for personnel, operational capabilities, or deteriorating relationships with the local community.
Extreme
This security alert level applies when an event, threat, or physical activity likely to cause significant harm is imminent or has occurred to your organisation or any of your facilities. Security measures cannot be maintained for extended periods and may cause difficulty for personnel, affect operational capabilities, or worsen relationships with the local community.
Calculate and Confirm Your Security Alert Level
Use your assessment of risk sources and operational requirements for each facility to determine which security measures are necessary for each alert level.
Several generic measures may be appropriate at each alert level. For example, refer to “Operational Security Measures for Alert Levels”.
Your security management personnel should collaborate with local area managers and consult with your risk managers to formulate procedures for each facility and risk source.
Monitor and Adjust Your Risk Environment
You should actively monitor your organisation’s risk environment and adjust the alert level accordingly.
Security Alert Levels Guide
Develop a guide to refine your alert levels and related security measures. Consult different business areas in your organisation to determine the efficacy and impact of the guide.
Your guide will be a key source of information about your security alert levels.
Develop a Communications Plan
Creating an effective communications strategy is essential to ensure the right responses to a change in alert level. Your people must know what has changed and what they need to do. To facilitate this, you should develop a plan that takes into account the audiences, messages, methods, and responsibilities.
Audiences: Who needs to be informed and what do they need to know? Different communication may be necessary for different audiences (e.g. senior management, staff, security staff).
Messages: What messages should be communicated to each audience? Keep the statements concise and unambiguous, and ensure they clearly identify the issues and the required actions.
Methods: How will the messages be conveyed? Select the best medium or combination of mediums to ensure your messages reach the audiences quickly and effectively.
Responsibilities: Your strategy should specify:
- Who is responsible for determining the alert level (this could vary by level and facility)
- Any specific roles or responsibilities for other positions, as well as all staff.
For expert advice, seek input from your communications team when creating the plan.
Review and Update Your Processes
Review your alert level processes regularly: when you take on new projects, as the risk environment changes, after a significant incident that affects your ability to operate, and at least every two years. Also, practice and review activation procedures, as well as the security measures for each level. Identify any gaps and update your guide accordingly.
Debrief After Reaching High or Extreme Alert Levels
Debriefing after each alert level change to “high” or “extreme” can be beneficial for improving your response. Consider aspects such as: why the alert level change was initiated, how it was initiated, what activity and actions were taken, and what, if any, improvements could be made to alert level procedures and communications.