In our last post we discussed why and when it could make sense to outsource your company’s security needs and hire a security consultant. To briefly recap that post the outsourcing of this service is an essential consideration when the expertise is not available in-house and you need an independent subject-matter expert, if you need to comply with Royal Institute of British Architects (RIBA) design stages on any expansion or new construction, or if you just need an unbiased independent opinion on a security matter.
Making the decision to outsource security by hiring a consultant is one thing but the next step is budgeting for this service and coming up with an idea of the overall project costs. Most security consultants work on daily rates that are part of a project’s budget but these costs are only part of the overall funding requirement. For instance the solution to any security challenge largely depends on the risk which in turn should dictate the significance of the security efforts and the costs associated with that solution. It is also important to note that providing a holistic solution can sometimes be cost-effective when considered against existing practices.
In this post we will take a closer look at what goes into estimating a technical security budget, it is hardly as cut and dry as one might initially think.
What Goes Into a Security Cost Assessment?
The Initial Risk Assessment
As stated above the initial risk assessment will largely help dictate the requirements and what you can expect to spend on any security efforts. Endeavours that come with more risk are by nature also likely to come with a higher overall cost as more comprehensive solutions will be necessary. This is why an initial risk assessment should be the first step in helping to determine any technical security budget.
Establishing an operational requirement and then a technical brief to meet that operational requirement is another key stage for developing solutions relative to the risks that have been identified. Operational requirements are simply defined as a tool to produce a clear and high-level statement of security needs based on the findings of a risk assessment and how these will be implemented to meet those requirements.
Basic Budget Costs
In addition to the consultant the overall budget must also take into account the other costs associated with the project. To ensure a comprehensive budget is prepared, it is essential to include a number of other factors in addition to the security equipment costs identified to create a comprehensive security solution. These could typically include the provision of a security network (or connection to the corporate network), fire alarm interfaces, workstations/servers, containment, mains power, building works, a security control/monitoring location, provision of temporary security officers during system downtime and a lot more.
Furthermore consideration must also be given to determine if the plan or any of the proposed hardware will affect the current building fabric (for example will work on a door effect the fire certificate?), require any existing solutions to be upgraded, mean that the latest regulations typically compliance with EN 179 and EN 1125 or any other local codes and regulations are now applicable.
There should also be a review of the longer-term operational costs from annual maintenance, equipment warranty periods, network/comms costs, IT support, green costs, etc. to security officers monitoring equipment and providing the required response.
There are several other factors that are worth considering in the budget for example does the proposed solution or can the security consultant provide any value-added benefit that goes above and beyond the fundamental security brief or operational requirements?
Are there any cost savings as a result of this value-added service either in the current security solution or elsewhere?
Are there any in-house professionals or resources that can provide some of these services or will your organisation be relying solely on a consultant or independent advisor?
Is there an in-house professional to manage a project or will the consultant be required to provide project management and witnessing after the security solution is procured?
The answers to all of these questions can impact the security system budgets of any organisation and should be considered.