Whitepaper

An Introduction to Operational Security Management

Noggin

Security Management Software

Published May 19, 2021

The operational security management controls and systems you need to protect people and assets.

Why we’re talking about operational security management now

With physical security increasingly compromised, operational security management matters more than ever.

Physical security management, if you didn’t know, is all about protecting personnel, information and physical assets from the physical threats that can cause harm, damage, and/or disruption to your business operations. Those threats include not only intentional acts of destruction, such as theft, vandalism, and arson, but also natural events or other environmental conditions that might have an impact on the physical security environment.

So, where does operational security management fit in? Well, operational security management gauges the effectiveness of the technical controls (e.g., access controls, authentication, and security technologies) your company has put in place to secure its premises and safeguard the confidentiality, integrity, and/or availability of its systems and data.

Why we’re talking about it now is that compelling evidence suggests that existing operational security controls have been inadequate. For instance, 20 percent of enterprises acknowledge experiencing an increase in physical security incidents since the start of the COVID-19 crisis. What’s more, a third of organisations think that they will see an increase in physical security incidents in 2021. What’s going on?

Challenges to deploying effective operational security management controls

A big issue we’re seeing with operational security management in the era of COVID-19 is that security guards aren’t able to stop physical security incidents.

However, if you look back to the pre-pandemic data, many of the same operational security management challenges existed. Specifically, security professionals noted an increase in workplace risk, while also decrying high levels of unpreparedness to deal with specific physical security threats like workplace violence, environmental incidents, and active shooter events.

In addition, there was particular concern with the increasingly mobile nature of the physical security threat. After all, the workforce is more mobile and mobile-reliant than ever. The information assets those mobile workers store on their corporate-liable mobile devices, however, still exist in physical environments that must be secured and protected.

If that isn’t enough, maintaining security poses an important operational risk to the organisation. Physical security incidents themselves have massive spill-over to all segments of the business. Yet, the physical security capability doesn’t always treat every aspect of security, including risks and hazards. We can tell, because the operational security tools procured often only provide for data capture and analysis as well as other incident reporting capabilities.

Sure, those features are important. But limited operational security management system functionality impedes physical security incident response, as teams respond without a clear understanding of the underlying risk. Similarly, upper management makes less informed security policy decisions with limited situational awareness of the company’s physical security risk profile.

Operational security management controls to better safeguard the confidentiality, integrity, and/or availability of systems and data

What then are some possible operational security management controls that organisations can put in place to better protect physical and environmental security? For starters, when approaching operational security management, organisations should live by the risk-based mantra that the higher the value and the risk, the higher the level of protection.

Organisations can also break down operational security management into two manageable categories: securing areas and securing equipment. More ambiguous than equipment, secure areas are sites where organisations handle sensitive information or keep business-critical IT equipment and personnel. Operational security management provisions would deal with protecting the physical environment in which those assets are housed, e.g., buildings, offices, data centres, etc.

To this end, organisations should be looking at the specific risks of physical access to those assets. Organisations must then deploy operational security management controls, where appropriate, to manage (limit or simply control) physical access.

Operational security management protocols for equipment security should follow a similar logic. Organisations should consider where their equipment is housed and whether that equipment is housed appropriately. Practically, that puts the onus on security managers to ask risk-based questions like:

  • Is important IT equipment vulnerable to water damage or other form of compromise?
  • Where are cables running?
  • Who’s responsible for maintaining equipment? Are they qualified?
  • What provisions are in place for equipment that leaves the premises?

What are some specific operational security management controls organisations can put in place? Well, the international security management standard, ISO 27001, recommends the following measures for securing areas and equipment:

Operational security management controls for securing areas and equipment

Secure Areas

| Type | Operational security management control |
| --- | --- |
| Physical security perimeter | Security perimeters (barriers such as walls, card-controlled entry gates or manned reception desks) shall be used to protect areas that contain information and information processing facilities. |
| Physical entry controls | Secure areas shall be protected by appropriate operational security management controls to ensure that only authorised personnel are allowed access. |
| Securing offices, rooms, and facilities | Physical security for offices, rooms, and facilities shall be designed and applied. |
| Protecting against external and environmental threats | Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster shall be designed and applied. |
| Working in secure areas | Physical protection and guidelines for working in secure areas shall be designed and applied. |
| Public access, delivery, and loading areas | Access points such as delivery and loading areas and other points where unauthorised persons may enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorised access. |

Equipment Security

| Type | Operational security management control |
| --- | --- |
| Equipment siting and protection | Equipment shall be protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorised access. |
| Supporting utilities | Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. |
| Cabling security | Power and telecommunications cabling carrying data or supporting information services shall be protected from interception or damage. |
| Equipment maintenance | Equipment shall be correctly maintained to ensure its continued availability and integrity. |
| Removal of assets | Equipment, information, or software shall not be taken off-site without prior authorisation. |
| Security of equipment off-premises | Security shall be applied to off-site equipment taking into account the different risks of working outside the organisation’s premises. |
| Secure disposal or re-use of equipment | All items of equipment containing storage media shall be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal. |
| Unattended user equipment | Users shall ensure that unattended equipment has appropriate protection. |
| Clear desk and clear screen policy | A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities shall be adopted. |

Building a best-practice operational security management practice

The operational security management controls detailed above all serve as a means of preventing unauthorised access, damage, and interference. There exists the danger, though, that those controls will be implemented piecemeal.

To be effective, operational security management controls have to be in keeping with a broader physical security strategy. Here, companies should think holistically about how the part (operational security management) fits into the whole (physical security management). Steps might include:

  • Integrating the allocation of physical security resources into the organisation’s overall mission, objectives, and goals
  • Consolidating operational security management controls and other physical security functions into an internal security office that reports directly into the C-suite
  • Naming a director of Security who would be responsible for managing and allocating physical resources based on risk assessments and using pre-defined metrics to justify the allocation of security resources
  • Periodically reassessing that resource allocation

Operational security management technology to achieve your physical security objectives

Another thing: the physical security capability itself can’t exist in a silo – not from IT or from the other safety-promoting programs in the organisation. In fact, we’d go so far as to say that the physical security program should involve active collaboration of the C-suite and Security Management with the facilities management, work safety, emergency management, crisis management, and business continuity programs.

Nor should that collaboration be in name only. Safety- and security-protecting software systems should all be integrated, as well. That’s because in a given organisation, the relevant information relating to physical security risks will oftentimes exist in multiple software platforms. That information becomes especially pertinent during a security incident.

How to ensure that information is available to security personnel when it matters most? These operational security management software capabilities are critical:

  • Make your security guards your data centres. By nature of the game, security guards will be field-focused. But that doesn’t mean they can’t be valuable sources of actionable data, both before an incident occurs as well as in the middle of incident response. However, most operational security management platforms don’t do a great job of empowering guards to do the kind of data gathering and transmission work that actually reduces physical security risk and improves the efficiency of operational security management controls. To better leverage guards’ data-gathering potential, security teams need mobile physical security software that gives field personnel the ability to easily capture rich logs for patrols, shift-changes, parking infringements, lost and found property, security escorts, and other activities. An added bonus: incident reports delivered via mobile also give security managers more context into the security event itself than manual reports, generated hours or days after the fact.
  • Add geospatial functionality to a mobile solution. Geographically dispersed asset systems are quickly becoming the norm, especially in the era of COVID-19. An unintended consequence: components in the field often lack appropriate physical security. Overcoming that particular challenge takes operational security management software that gives teams real-time spatial information, via fully integrated mapping features. That way guards and the rest of the security team can better visualise the locations of risks, incidents, people, and other assets. What specific mapping capabilities are required? Foremost, locations should be automatically geo-referenced, so that teams can create maps of events, assets, risks, etc. Once created, those maps should be publishable on system dashboards, in reports, or as feeds. Operational security management software should also enable security teams to design their own maps, by selecting and filtering layers of information, as well as visualising spatial data.
  • Enhance information flow, enable multi-channel communication. Another limitation of traditional, command- and control-based physical security operations is that their underlying paper-based processes severely restrict the way information flows. In many cases, the business units who help manage risk and response have little to no access to relevant physical security data.
    Operational security management apps can help, though, enabling teams to communicate, share information, and follow-up across a variety of channels, all within the mobile app itself, including dedicated, event-specific chat rooms, email, SMS, and app notifications. Additional, advanced features to improve collaboration in a mobile setting include workspace dashboards for security managers, supervisors, dispatchers, and patrol officers.
  • Meet duty of care obligations. Physical security threats exacerbated by increasing mobilisation often compromise legally-mandated work safety protections. Since mobile operational security management apps enable security personnel to capture information faster, they bring much-needed speed and efficiency to incident response, especially when integrated with safety management software that handles the health aspect of business continuity management. Other features to consider include best practice safety forms for the most common health and security-compromising incident types: fire, explosion, bomb threat, hazardous materials, industrial action, vehicle incident, etc.
  • From business-as-usual to crisis and back again. As mentioned, operational security management has important overlaps with crisis and emergency management. Security incidents can spiral into larger, critical events, which usually necessitate coordinated, cross-functional interventions. It’s possible, however, to respond to those types of incidents within the same, integrated solution. Of course, security teams do more than tackle critical incidents. There’re also a number of routine business-as-usual operations they engage in on a daily basis, e.g., patrols, checks, inspections, and business-as-usual logging and reporting. The right operational security management solution should bring demonstrable efficiencies to those operations, as well: in essence, scaling up to meet extraordinary incidents and back down for routine operations.

Finally, the COVID-19 crisis has exposed many of the weaknesses in operational security management controls. Integrated security management software for physical operations can bring much-needed efficiencies, even when staff is geographically distributed. Looking to build your business case for a software solution that scales with the pace of physical security crises? Download our buyer’s guide to operational security management software.
