Remember to prioritise security during changes in management and organisational transitions!
Leaders within companies are periodically replaced. Many individuals stepping into new roles use the summer to reset and prepare for their new responsibilities. A critical task for leaders at all levels is the ability to lead during a crisis, i.e., when something abnormal occurs. A crisis can occur at any time, and leaders must be prepared to handle it.
When new individuals join the leadership team, it is crucial to swiftly acquaint them with the existing contingency plans and ensure they have a good understanding of their roles during a crisis situation. They need to be familiar with the contingency plan and the procedures in place, as well as know who is part of the crisis management team for different incidents.
One thing is to read the contingency plan and understand what is written there and the role each person has. Another thing is to know how the crisis management team functions in practice. It is recommended to allocate time for reviewing both contingency plans and the crisis management team and, most importantly, to schedule time for exercises. A tabletop exercise over three hours will provide all participants with valuable insights into their roles and the contingency plan, making the organisation more resilient and better prepared to handle a real event.
The same applies during organisational changes. Many companies occasionally restructure their organisation, and tasks and responsibilities may shift. It may also be that the organisation has been assigned completely new tasks to fulfil.
An increasing number of companies are also brought under the Security Act or deliver goods and services to customers subject to the Norwegian Security Act (Sikkerhetsloven). In all these situations, risks and vulnerabilities will change, and there may be new regulatory requirements to meet. A comprehensive review of the risk and vulnerability analysis is necessary to determine whether risks and vulnerabilities remain the same or have changed, and whether any new regulatory requirements have emerged. Based on the review of the risk and vulnerability analysis, changes must also be made to contingency plans and procedures to ensure that there is no doubt related to responsibilities. To ensure that everyone understands their roles and responsibilities, an exercise should be conducted to verify that the adjusted contingency plans adequately cover the changes made.
Effectively safeguarding security is not overly demanding, but it requires continuous effort. We at Agenda Risk are happy to assist you in the process of conducting risk and vulnerability analyses, developing contingency plans and procedures, providing crisis management training, and planning and executing exercises.