The Noggin Platform
The world's leading integrated resilience workspace for risk and business continuity management, operational resilience, incident & crisis management, and security & safety operations.
Find Your Solution
-
Crisis Management
-
Emergency Management
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Security Threat Assessment
- Incident Management
- Planned Events
- Lone Worker Management
-
Safety Management
-
Employee Health & Wellbeing
-
Governance, Risk & Compliance (GRC)
-
Asset Management
-
Contractor Management
-
Visitor Management
-
Emergency Management
All the tools needed to automate your safety management system in one easy-to-use platform, following ISO standards. Increase efficiency with powerful automation capabilities and provide real time insights to all levels of your business. Configurable notifications, workflows, analytics, and mapping empower your safety personnel to make better decisions wherever they are.
Featured Modules
- Incident Management
- Injury Management
- Online Inductions
- Reporting & Analytics
Maintain a comprehensive view of the wellbeing of your workers, their needs, and the wellbeing initiatives conducted in your organization. Through various assessments, checks, analytics, and resources you can easily manage both the physical and mental wellbeing of personnel across various locations and programs.
Featured Modules
- Wellbeing Reporting
- Ergonomic Assessment
- Vaccination Management
A suite of tools to collect risk data from across your organziation from a range of stakeholders, in real time, and based on ISO standards. Fully customisable, with everything from a simple pre-task assessment though to an organisational risk register, we make it easy to capture risk data and provide the analytics to derive rich insights, to keep your organisation safe and compliant.
Featured Modules
- Audits
- Inspections
- Take 5
- Standards Compliance
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilisation, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Entities
- Contractor Workers
- Contractor Plant
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Featured Modules:
Situational Awareness & Reporting - Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
-
Physical Security
-
Cyber Security
-
Visitor Management
-
Critical Infrastructure Protection
-
Emergency Management
-
Governance, Risk & Compliance
-
Asset Management
-
Contractor Management
Proactively manage all aspects of physical security operations from anywhere, on any device. Based on ISO standards, streamline your operations using workflow automations to guide information capture, enrichment, follow up tasks, and notifications. Validate threats and risks to drive better investment of your resources.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Manage cyber threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions, and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Streamline visitor sign-in using a QR code on a form tailored for your organisation. Visitors can complete inductions, answer questions and acknowledge content then have notifications triggered to their host based on their responses. Once on site, manage visitor cards, broadcast notifications and understand visitor trends to optimise your processes.
Featured Modules
- Visitor Registration (QR Code)
- COVID Management
- Emergency Notifications
- Host Notifications
Consolidate the threat and risk picture across all your assets, easily demonstrate compliance with security obligations, and gain an ‘all threats’ perspective encompassing physical, cyber, personnel and supply chain. Address and manage cyber threats without having to implement costly new ICT systems and drive continuous improvement and review cycles.
Featured Modules
- Risk & Threat Assessments
- Security Inspections
- Crowded Place & Impact Assessments
All the information and tools needed to manage any incident effectively through the entire lifecycle of mitigation, preparedness, response, and recovery, following ISO, ICS and other national standards. Keep your whole team following the same plans, communicating on the same platform, and viewing the same operating picture - from any place or device.
Featured Modules
- Situational Awareness & Reporting
- Incident & Special Event Pre-Planning
- Damage Assessments
- Exercise Management
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Assessments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Track all your assets from your vehicle fleet, fixed or mobile plant and equipment though to your critical infrastructure using our range of tools. Plan maintenance ahead of time and by collecting lead indicator data from checklists and assessments on any mobile device, then enable users to update the status of your assets to track utilization, share documentation and report issues.
Featured Modules
- Asset assessments & checklists
- Workorder Management
- Planned Maintenance
- Asset Status Tracking
Save time and money by enabling contractors to self-register and progress through a customizable workflow, to check documentation before becoming an approved contractor. Contractors can then be automatically followed up using workflows and notifications to keep their organziation compliant.
Featured Modules
- Contractor Registration
- Permit to Work
- Work Orders
- Contractor Self-Administration
-
Business Continuity Planning
-
Crisis Management
-
Governance, Risk & Compliance (GRC)
-
Continuity of Operations (COOP)
Follow ISO standard approaches to determine disruption impacts and develop plans & recovery strategies to address risks. Track gaps, dependencies and tests, capture exercises, and manage insurance details. Scale up to any incident and back down to business as usual as quickly as possible and drive continuous improvement.
Featured Modules
- Business Impact Assessments
- Incident & Exercise Management
- Recovery Strategy Tracking
- Continuity of Operations (COOP)
Apply best practices to plan for, respond to, and manage critical events and exercises. Built on ISO standards, you can respond faster with better collaboration using plans and playbooks, smart workflows, and real-time dashboards and insights, to ensure better incident response, decision-making, and continuous improvement.
Featured Modules
- Incident Response Plans & Checklists
- Critical Infrastructure Protection
- Welfare Checks
- Continuous Improvement
Manage cyber, emergency and security threats, risks, and treatments based on industry best-practice guidelines and ISO standards. Plan objectives and set targets, manage all elements of standards-compliance, and schedule and record audits and inspections. Manage non-compliances and corrective actions and drive continual improvement review cycles.
Featured Modules
- Cyber Threats & Treatments
- Standards Compliance
- Audits & Inspections
- Compliance Obligations & Breaches
Ensure preparedness across your organisation. Conduct business impact assessments and quickly identify essential functions. Assess hazard and threat risks. Identify technology, assets, facilities, and critical personnel. Gather and assemble essential information and documents. Develop, test and maintain your COOP plans. From readiness and preparedness to reconstitution, manage all four phases of the Continuity of Operations Plan to minimize business loss and disruption.
Featured Modules
- Business Impact Assessments
- Threat & Hazard Identification
- Continuity of Operations Plans Management
- Testing, Training & Exercises
A Comprehensive Guide to Understanding ISO45001
Who We Are
The world’s leading platform for integrated safety & security management.
- Follow us
-
-
-
.svg)
.svg)
.svg)
The role of the Security Operations Centre in managing operational security risk
Forty-two percent of security professionals are concerned with their organisation’s inability to secure physical spaces, according to the Ponemon Institute. That’s not surprising. Buildings, sites, plants and equipment, materials, and other physical assets tend to be largescale, creating a larger physical environment to secure. What’s, then, to be done if your organisation finds it difficult to protect physical assets and people as well as coordinate speedy responses? The answer is clear: build a robust Security Operations Centre to improve your operational security posture.
What’s a Security Operations Centre, exactly? Definitions vary. Broadly speaking, though, a Security Operations Centre provides a platform for detecting and reacting to security incidents.
The actual Security Operations Centre is a facility (physical, virtual, or hybrid) that houses an organised, highly skilled security team. That team relies on operational security management software and well-honed processes to achieve top-line, security objectives.
Who staffs the Security Operations Centre and what do they do?
The security team responsible for carrying out the Security Operations Centre core mission usually includes the SOC manager who heads up operations, engineers, and security analysts. That team will also work closely with the organisation’s Crisis, Emergency Management, and Business Continuity teams to coordinate responses to physical security incidents that become critical events.
The primary duties the team discharges include regularly monitoring and analysing the organisation’s operational security posture. More specifically, the Security Operations Centre team detects, investigates, responds to, and reports on security incidents.
It’s important to note that the Security Operations Centre is an operational unit. That means it’s not responsible for developing security strategy.
In essence, the Security Operations Centre works continuously to manage risks and threats. Of course, those responsibilities don’t cease when the office closes down. And that’s why most Security Operations Centres are open around the clock.
What’s the benefit of the Security Operations Centre?
This kind of set up offers a key benefit in terms of centralising security arrangements. It’s clear that advanced equipment and technology alone aren’t enough to achieve operational security goals. If they were, there’d be far fewer physical security incidents, as security procurement went up. Instead, mitigating risks and improving incident preparedness and response call for a security apparatus specifically dedicated to preventing damage, theft, and intrusions, as well as protecting people.
And that’s precisely what Security Operations Centres do so well. They consolidate security expertise and reporting into one centralised location.
Security Operations Centres receive physical security data from the field to furnish a real-time picture of security threats and vulnerabilities. This centralising approach cuts down on the siloing characteristic of security incident management in most large enterprises.
Rather, the Security Operations Centre delivers noticeable gains in visibility, increasing situational awareness of security incidents. Also, when it comes to those security incidents, a Security Operations Centre will help communicate to and interface with other parts of the business who need to be on high alert if a security breach does occur, e.g., Legal and PR.
Another thing: recently, lawmakers and regulators have mandated aggressive security measures, especially in critical infrastructure sectors. A robust Security Operations Centre might go a long way towards ensuring compliance with those mandates, as well as easing any reputational damage that might come following a physical security incident.
What are the challenges of setting up a Security Operations Centre?
Despite the benefits, Security Operations Centre adoption isn’t universal. In fact, 48 percent of companies still don’t have a Security Operations Centre, according to EY’s Global Information Security Survey, 2017-2018.
What’s going on, here? Well, for starters, upfront capital costs for furnishing a Security Operations Centre can be considerable. On balance, though, that financial investment pays for itself in the lower incidence of security mishaps down the line.
There’s also the complexity of conforming with multiple regulations (external as well as internal), as organisations do build out their Security Operations Centre. Lastly, qualified security analysts can be hard to come by.
Overcoming the challenges to operating a successful Security Operations Centre
Overcoming those challenges won’t be a walk in the park. But they are surmountable with the right practices.
As mentioned, security strategy doesn’t come out of the Security Operations Centre. However, the aims of the Security Operations Centre should be consonant with those of the organisation’s overall, operational security strategy – we’ve provided some examples below.
In other words, for the Security Operations Centre to be successful, it must address specific, clearly defined company (and customer) needs. It should also scale to the organisation’s footprint.
C-suite sponsorship of the Security Operations Centre helps in this regard. Though operational security focused, the Security Operations Centre is a cross-functional operation. Typically, only senior executives can ensure that business-specific goals from various departments are incorporated into the Security Operations Centre’s mission. Also: that the Security Operations Centre gets the necessary visibility across a defendable perimeter, be that perimeter comprised of doors, walls, or other physical barriers.
Context-aware threat intelligence helps, here. A Security Operations Centre that first undertakes a detailed site vulnerability assessment is far more likely to be successful than one that doesn’t.
The vulnerability assessment will help Security Operations Centre staff discover gaps in need of greater focus (and protection). The vulnerability assessment will also give the organisation at large more granular knowledge into layout and how employees act within the physical environment.
Further, the vulnerability assessment games out the impact of potential security incidents and their possible effects on security personnel and process operators. Those potential impacts, in turn, help determine your operational security requirements. Those requirements might include:
- Identify and control individuals who enter and exit the facility
- Track movements of building occupants and assets
- Control access to restricted areas
- Track and locate equipment, products, and other resources
- Track the location of personnel on site in the event of an incident
- Integrate control and security systems for greater speed and efficiency
- Protecting process automation networks and systems from potential intrusion
- Respond quickly to alarms and events
To be sure, those requirements should be part of the organisation’s incident response framework, upon which the Security Operations Centre will plays a key role executing.
What’s more, the most effective Security Operations Centres are governed by established, rigorous processes. Their staffs are engaged in continuous training that keeps pace with the evolving threat picture.
The Security Operations Centre is one component of a best-practice operational security management program. Here are some of the other best practices for planning and managing your operational security resources.
- Physical security programs should be holistic, and the allocation of resources should be integrated into the organisation’s mission, objectives, goals, and budget process.
- Physical security functions should be consolidated within an internal security office, led by a Director of Security (i.e., CSO), who reports to a high-ranking senior executive official who has ready access to the agency head, as needed.
- Director of Security (i.e., CSO) should be responsible for managing and allocating physical resources based on risk assessments and using performance measures to justify security resources across the organisation’s facilities.
- Development and implementation of the physical security program should involve collaboration among top management, security, facilities management, emergency preparedness, budget, health and safety specialists, and other stakeholders.
- Physical security programs should be aligned with the organisation’s mission, strategic goals, and budgetary requirements.
- Physical security programs should meet the cost-effective expectations of the organisation’s leadership in terms of totally integrated security support and safety services rendered.
- Physical security programs and countermeasures should be balanced with other operational needs and competing interests.
- Physical security resource allocation should be periodically assessed, including historical spending records, which may be useful in future resource allocation considerations.
Source: Department of Homeland Security
Simply building and staffing a Security Operations Centre doesn’t ensure zero physical security incidents. Organisations will still need to take a best-practice approach to operational security management, committing to constant training, developing rigorous processes, implementing standards, and procuring the right integrated risk management and operational security management technology.
Security Operations Centre operators, in particular, often have to manage multiple technology sets at once. But there’s a means of easing the burden. Operational security management software not only keeps operations secure but Security Operations Centre humming along. Just look for the following features when procuring:
- Manage all operational security incidents and major events in a single system
- Perform security investigations
- Centralise, track, and manage security information, checklists, and actions
- Task and dispatch security staff to respond to any event
- Manage lost and found property
- Schedule security escorts
- Fully integrated mapping to visualise locations of incidents, hazards, people, and assets
- Perform hazard and risk assessments
- Automatically generate security statistics on dashboards and security reports
- Easily capture rich logs for patrols, shift-changes, parking infringements, and other security activities
- Integrated communication templates: email, SMS, voice, and more
- Conduct alarm tests and inspections
- Monitor persons of interest
- Manage security staff and contractors
- Built-in dashboard analytics, structures, and ad-hoc reporting
- Automate and follow business procedures with fully configurable workflows
- Collect intelligence from the field via mobile apps
That’s not all, though. Looking for the right operational security management software solution? Download our purchaser’s guide, which takes you through all of the capabilities you’ll need to reduce security incidents and keep people and assets safe.
.svg)
Download your copy
About this Article
Published May 19, 2021