printer friendly version

Product vs risk assessment

An unfortunate reality that needs to be recognised is that many security companies actually use the security risk assessment as a sales boosting gimmick and this is not always to the benefit of the unsuspecting end-user. A lesser known fact is that this service, which is either provided dirt cheap or even for free, is not an independent security risk assessment but merely a product assessment. Remuneration and commission is made on the sales of the hardware purchased and installed or other services that the client signs up for. In this case, the assessor is simply a salesman.

When reviewing a site, the assessor-salesman will have a checklist through which he determines which products from his inventory can be installed and where. Furthermore, these solutions are generally predetermined prior to the inspection on what the consultant feels the client can comfortably afford.

The problem here lies in the fact that sometimes there may be certain weaknesses within the client’s physical security that the assessor’s limited stock cannot always remedy. The result is that the salesman does not reveal this to the client so that the sale is not lost and, more often than not, the end user only realises there is a problem after he has already had the system installed. Additionally, the advisor does not always have the relevant knowledge in terms of the actual functionality of his product, only the specification sheet. Most of the clients do not have a security background and simply accept the quotation spreadsheet without understanding what this entails or what he is paying for.

Successful security cannot be based on guesswork. An independent risk assessor visits the site blind and only once all the threats and vulnerabilities have been revealed in full does he begin to consider possible solutions. It should further be noted that the independent security risk assessment encompasses many different facets with respect to the client’s security status and not just hardware. Some of these elements are intangible and not even considered by the salesman-assessor despite the fact that these directly influence the overall security status.

The independent is focused on the functionality of hardware components and when providing the client with a complete security plan covering all interrelated elements of a good security system, he will recommend items generically. The client is provided with a highly detailed report clearly explaining what is required for his security system and how it works.

No quotation with item codes and prices listed is ever handed to the client, who decides in the end which specific brand he would like to purchase as he will have the understanding through the assessment of what is needed. In the event that the independent does supply a specific model or make, it is only because his team’s extensive research has shown that this particular item outshines others in its category, but the independent will ensure that his client understands exactly what the product’s pros and cons are.

Share this article:

Further reading: