Some threats, such as general crime, are inherent in society but it is necessary to focus on the threats and resulting risks specific to your business. Identifying security risks goes hand in hand with identifying the wider risks to the business. Managing security is increasingly seen as a strategic rather than operational role, and as such HR must be a stakeholder too.

1 Start at the top
The whole process of setting or refreshing a security policy needs to begin at board level because security is integral to business strategy. Company security is really about profit and loss, not gates and locks. Focusing on security can reveal new business opportunities.