Using ESRM Principles to Revamp Your Risk Management Plan

chess board

Enterprise Security Risk Management or ESRM has been a methodology among corporate security professionals for a while now. ESRM approaches risk by aligning security practices alongside a company’s overall mission and goals. With the emergence of risk management strategies, talks, and advice against threats now exponentially growing due to the impact of the pandemic on businesses, corporate leaders have started to reevaluate their risk management plans. This is an opportune time to begin applying ESRM principles.

What is Enterprise Security Risk Management?

ESRM principles, alongside tools like the Risk Matrix, help apply security practices to any area performed by security, including physical security and cybersecurity. The convergence of physical and cyber is an important conversation deserving of its own attention; and so, we will primarily focus on physical security in this article.

What is the Objective of Risk Management?

How organizations identify risks and prevent threats depends on the way hazards, harms, and risks are quantified. Evaluating these factors leads to the start of an ESRM mitigation strategy, or action plan that determines the right level of response.

The Risk Management Workbook for Physical Security Leaders

The right level of response often requires leaders to understand two principles: ALIGN and ALARP.

ALIGN: The Simple Way to Direct Your Organization’s Action Plan

Unintentional human errors, fear of disciplinary action for mistakes, or failure to follow standard procedures are only but a few reasons why security vulnerabilities are not accounted for. By ALIGNing your organization’s directive, you can begin to optimize how your team responds to risk.

  • Align set policies with top safety tactics
  • Leverage technology to fill in natural human-error gaps
  • Investigate security personnel background, personal histories
  • Gain trust among internal and external stakeholder with strong company values and intent
  • Network among security personnel and stakeholders to identify areas for improved communication and continued education

ALARP: What Organizations Are Doing to Evaluate Risk

When circumstances are within a “gray” area of action, corporate leaders adopt a methodology called ALARP. ALARP is an acronym for As Low As Reasonably Practicable. ALARP puts risk as low as possible, so long as it remains “Tolerable” or “Undesirable”, but not “Critical” or “Catastrophic”. ALARP is a guiding principle for corporate leaders when developing their organization’s Risk Matrix.

What is the most common way security professionals establish a strategy for their risk mitigation plans?

Download this ebook to learn more.

download risk management matrix

How Often Leaders Need to Review a Risk Management Plan

If the events of the pandemic were not enough of a warning, corporate leaders must proactively prepare their risk management plans to face increasing workplace challenges. Often, there isn’t a straight answer – it depends on the organization. In short, a risk management plan needs to be reviewed as often as leaders are capable, and willing, to do so. Typically, organizations can look to review their plans on a quarterly basis and can use assessment tools to help them do it.

Stay Connected On LinkedIn and By Email

Be sure to follow the team on LinkedIn and to sign up below for the monthly newsletter for current industry updates.