OBJECTIVE OF A CORPORATE SECURITY PLAN

Identify, mitigate, and effectively manage risks and vulnerabilities that may threaten
business security, resilience, and organizational survival.

This involves a series of coordinated actions aimed at a specific objective using its
four main resources or assets: human, financial, administrative and operational
resources.

CORPORATE SECURITY STRATEGY

Companies must address security measures in line with the risks they face and,
always, with a preventive rather than reactive mentality.

Therefore, the first element of a security strategy is to determine the risk to control.

It is necessary to establish a methodology for choosing new security devices and

new technologies.

Define a communication policy for the security plan; delimit the process
implementation metrics.

Determine the company's business model and adapt it to security policies.

CORPORATE SECURITY PLAN

 1. First, an updated diagnosis of threats, risks and vulnerabilities must be
carried out. An adequate security plan necessarily begins with this
evaluation. It is an x-ray of how the business or company is at a given time
and place, from a comprehensive analytical approach.

2. Priority should be given to weaknesses, taking into account risk levels and
the cost-benefit of implementing improvements.

3. Grant authority to a central security manager. A corporate security plan

should ideally have a central person in charge and have the support of
senior management.

4. Form an organizational awareness to “accept or buy” the new security

measures that are determined to be implemented.

ELEMENTS SHOULD BE CONSIDERED IN A CORPORATE SECURITY PLAN

There are basic elements to consider, the importance and relevance given to each
one will depend on the size of the company, its line of business and its complexity.
Some of these elements are:

1. Corporate regulations on the matter.

2. Personnel security and physical security.
3. Security of the information.
4. Logistics security.
5. Methodologies for corporate security management.
6. Prevention and detection of crimes.
7. Risk management.
 8. Safety and industrial hygiene.
9. Research.
10. Business continuity plans.
11. Procedures to avoid fraud.
12. Crisis management plan.
13. Safety training of personnel.

Once the strategy and its implementation have been defined, companies must
establish the steps to follow in the event that a security problem occurs, since a
good strategy is of no use if it does not foresee how to respond to an unexpected
situation.

There must be Business Continuity Plans and Emergency and Crisis Management
Plans. These plans must be updated periodically, be provided with sufficient
resources and determine the mechanisms to know what has been breached. This
is the reactive part of security.

The company must make a list of potential crisis situations that may affect it and
analyze each of them in terms of the response and communication processes that
must be followed.

Depending on the level of the emergency or crisis, the company will convene its
Emergency Management Committee (this normally deals with operational issues,
such as the partial closure of a section of a plant due to an industrial accident) or
the Crisis Committee. (This committee deals with situations that can put the very
life of the company at risk, or situations in which the owners or shareholders are
directly affected, such as the kidnapping of a senior company official).

The company must be prepared to act in an orderly, systematic, and well-planned

manner in this type of situation, which will form an integral part of the Corporate
Security Plan.
 BASIC ELEMENTS OF SECURITY

The approach to any Security problem responds, by definition, to the existence of

one or several threats that can cause damage to people or property.

Without the presence of these risks, or potential causes of damage, Security

would be meaningless and, in the same way, without the existence of an object
susceptible to receiving damage, Security would constitute an unreality.

There will always be two basic elements: threats and threatened objects; These
two elements are the primary factors.

The existence of these two factors comes from the very nature of the concept of
Security and the study of its environment, which will provide a third factor. Finally,
the very notion of Security implies a fourth factor: protection, which translates into
the application of means. In short, the basic factors, or elements, of Security are:

1. The Object to protect (What we protect)

2. The Threats, or Risks (From what, or from whom, we protect it)

3. The dimensional elements: Space and Time (Where and when we

protect it)

4. The Means of Protection (How, with what, we protect it)

THE PREMISE OF PROTECTION

The first element is found in the very definition of 'Security' and responds, in any
case, to a basic question: “What are we going to protect.” It is, in short, the goal
pursued and the fundamental point of Security work.
The object to be protected is people and property. It will be necessary to carry out
a complete analysis of each of them, always in direct relation to the risks that affect
them. The concept of 'people to protect' ranges from an isolated individual, of any
nationality, race or level, to a national or continental group.

The protection of the president of a large company, or a high-ranking official in the

Administration, will have special characteristics, due to the peculiar risks it entails,
and will give rise to a specific form of Security, called 'Personal Security'.

In the same way, the protection of different groups can be treated: population of a
prison, people located in a hotel, inhabitants of a city, population of a hospital,
employees and clients of a bank office, population of an airport, population of a
port facility, employees and customers of a hypermarket...

According to the risks inherent to each of these groups, forms of prison, hotel,
urban, hospital, transportation, banking, port, etc. security will be produced.

THE THREATS, OR RISKS

The concept of protection implicitly implies the existence of a threat: “from whom,
or from what” it is necessary to defend People, Assets or Information. Therefore, a
rigorous analysis of all the threats that, in one way or another, loom over the Object
of protection must be carried out.

The determination of the risks that really affect the Protection Object, the selection
of the risks that must be faced, is a basic task in the Security Study.
No risk that may actually occur should be left untreated, but threats to the specific
problem should not be treated.

Danger.- Imminent risk or contingency that something bad happens. It is a fact or

phenomenon that can cause damage.

Threat.- Expression or situation of insecurity, created by the imminence of an

accident or malicious act.

Risk .- In probabilistic terms, it is the uncertainty regarding the possibility of an

event occurring, with a result contrary to the expected one.

Damage.- It is the loss of human life, bodily injuries, material and financial
damages and deterioration of the environment, as a direct or indirect result of an
accident.

THE MEANS OF PROTECTION

In general, the means of protection have different and complementary generic

functions.

MATERIAL RESOURCES

Passive Media.- Walls, bars, fences, special glass, security doors... Its main
purpose is to provide sufficient delay to the aggressive action, to ensure the action
of human security means.
Active Media .- They are the set of detection, centralization and optical systems,
mainly. Its function is to produce the necessary alarm, from the moment the threat
is triggered, and provide permanent information on its development. Optical means
can ensure the monitoring of the aggressor action in real time, facilitating the
effective performance of human security means.

HUMAN RESOURCES

Operational Means .- Made up of Security Guards who can assume the duties of
operators of the Control Center, surveillance and protection, in their various forms.
They have the basic function of reacting against the aggressive action, to cancel or
neutralize it, in addition to performing technical control functions of the systems
and optical surveillance, among others.

Organizational Measures .- Represented by partial action plans, safety standards,

safety procedures of all types and position orders. They have the essential purpose
of guaranteeing the essential coordination of the aforementioned means.

TRAINING FOR EXECUTIVES AND STAFF WITHIN A SECURITY PLAN

A large part of the success of a corporate security plan is based on the human
element that interacts with the other elements that make it up, such as processes,
controls, regulations and electronic systems.

The systems and equipment are reliable, but not infallible, and it is really the
people, trained in the components and standards of corporate security, who will
make the difference. It is essential that all personnel have training at the level
required by their position and responsibilities in the actions expected of them within
the security plan: follow the access control rules, security of sensitive information,
detection of risk situations. , etc.

On the other hand, a training strategy that has proven to be very effective, and
allows raising the security awareness of employees, is based on providing training
in personal self-protection as part of the companies' HR development program.
Employees perceive the company's interest in giving them tools that allow them to
live safer and, in turn, this benefit usually results in a more positive and interactive
attitude towards the company's security programs.

It is important to remember that a chain is broken by the weakest link and,

normally, this link is usually the human element, which is why it should have
particular importance in any Corporate Security Plan.

SYSTEMATIC OPERATION PROCEDURE FOR PHYSICAL SECURITY IN

FACILITIES

Control of people working in the building

With special attention to the changes that occur in the workforce of the entities that
have offices in the building.

Control of clients, suppliers and/or visits

With special attention to one circumstance: identifying the companions of the usual
people, since they can be used to access the building.

Functionality
What is the purpose for which the property was conceived and what type of main
activity is carried out there. Currently, newly constructed buildings enabled as
headquarters of official institutions and susceptible to certain risks, are designed
architecturally to protect against these threats, eliminating surveillance dead zones,
adapting barriers at their entrances, etc.

In the protection of buildings, information and observation are applicable, resulting

in adequate prevention and response to any risk situation in the building being
protected.

In all buildings there must be total coordination between the different security
elements involved, from the design of the installation of detectors and electronic
access to the organizational security measures, including the human element of
security.

CUSTOMER SERVICE HOURS

During this time period the risks are greater; The fact that there is a greater number
of people within the entity produces a decrease in the visibility of security
personnel and their ability to physically react, in addition to the fact that everyone
present can be the object of aggression.

In these circumstances, the Security Guard must be aware that the consequences
of his actions involve more people than just himself. Heroic acts can have
devastating effects on the physical integrity of the people present in the entity.
Prudence, cold blood and common sense are the weapons to use in these
situations.
In the event of a robbery, with the tension and violence that this entails, the
Security Guard must act with serenity, transmitting it to the rest of the personnel
present. The intervention you carry out must be based on the security that you do
not and they are going to cause greater damage than what they are trying to avoid.

HOURS CLOSED TO THE PUBLIC

Among others, security measures for the control of cleaning personnel

must be observed; notice changes in people and confirm the incidence.
Within the security rounds, special attention must be paid to the first, in
which all doors and windows must be closed, turning off lights and
machinery, if applicable, checking that no one is left inside the different
areas. When starting the next rounds, you have to make sure that
everything above is in the same situation in which it was left at the end of
the previous round.

Despite the measures and systems connected to the supervisor and the
Alarm Receiving Center, the aforementioned prevention measures must
not be neglected, based on the observation and control of unusual
situations.

If it is considered necessary, the presence of the Police will be requested,

in order to identify the individuals whose actions have raised suspicion.