RiskUKApril2017

Insurance Rewards for Managing Security Risks
*For far too long, security has
been seen as a grudge
purchase, in the main due to
a lack of transparency in the
industry and an inability to
communicate to C-Level
decision-makers what they’re
receiving in return for their
monetary investment in
security measures. With
SABRE, we’re seeking to
shine a light on security.
We’re providing a robust and
consistent means by which
organisations can measure
performance and, in doing so,
facilitating improvement and
better value for money
We’re at the start of a long
journey, but we have a great
opportunity to deliver better
outcomes and reduced costs
and stimulate innovation
Insurers, insurance brokers
and building owners
interested in finding out more
about SABRE should access
the SABRE website
(www.bre.co.uk/sabre) or
contact BRE Global via e-mail
at: SABRE@bre.co.uk
security, employ competent persons at critical
intervals, monitor and evaluate ongoing
performance and actively seek to continually
improve their performance levels.
These are the attributes seen in management
systems which, for many years now, have been
used to deliver quality, sustainability and
Health and Safety. Furthermore, organisations
are increasingly seeking third party certification
to such systems in order to communicate their
performance in these areas.
Using these observations, the BRE Trust
funded a research project designed to assess
the feasibility of developing a security risk
management standard for the built
environment. More specifically, a standard that
can be used to improve security performance,
communicate security credentials to interested
parties, reduce procurement risk and,
ultimately, award an independent certification
of an organisation’s approach towards security.
The standard would need to respond to the
requirements of different stakeholders at the
various stages of a built asset’s procurement
and use, while at the same time recognising
that the familiarity of organisations with risk
management and management systems can
vary quite substantially.
Development of SABRE
That research resulted in the development of
SABRE which is assessor-led and can be readily
applied to either new or existing facilities.
Successful assessments result in third party
certification that’s recognised around the world.
The SABRE assessment process is led by an
independent SABRE assessor whose role is
essentially two-fold. First, they’ll verify
evidence against each of the 70 technical
issues covered by the scheme. Second, they
will undertake a scenario-based assessment of
current security risks based on the specific
attributes of a facility and its security.
The SABRE assessor will determine the
assessment score and the corresponding star
rating, with one star indicating an ‘Acceptable’
rating and five stars highlighting an
‘Outstanding’ score. If a given facility doesn’t
achieve the SABRE scheme’s minimum
standards, it will receive an ‘Unclassified’ rating
and not be eligible for certification.
In essence, these ratings provide insurers
with the ability to compare their customers’
“Following in the footsteps of BREEAM, the BRE’s highly
successful standard for sustainability, SABRE is assessorled
and can be applied to either new or existing facilities”
capabilities and commitments around security
and risk management. In addition to insurance
considerations, it can also be used within an
organisation to better understand priorities for
investment and identify improvement
opportunities across a portfolio of built assets.
The assessment of security risks will
highlight areas of vulnerability that should be
prioritised for investment and, equally so, those
areas where resources are potentially being
wasted and where existing or planned security
control offers poor cost benefit ratios.
By adopting a security-minded approach
towards planning and design, security risks can
be removed or reduced at lower cost using
integrated solutions. SABRE also recognises
and rewards the implementation of information
security controls that protect information
relating to a project and its security. This is an
increasingly important issue given the rapid
adoption of Building Information Modelling and
the increasing cyber threat.
Once a facility is occupied there are
significant opportunities to mitigate security
risks, even without further capital expenditure
on physical security. SABRE provides those
responsible for building and facility security
with a robust security risk management system
template, allowing measurement and
benchmarking of current performance and the
ability to demonstrate continual improvement.
Successful piloting
SABRE completed successful piloting and was
launched last December. Early adopters have
already welcomed SABRE, recognising the
benefits that a structured, risk-based approach
brings to security, in turn supporting design
quality and facilitating innovation.
Kevin Gausden, senior consultant at Arup,
explained: “We pride ourselves on providing
our clients with an holistic, whole-life security
and resilience consulting service. This new
SABRE certification means that we can offer our
clients greater transparency on spending and
reinforces the need for a structured, risk-based
approach to security. It affords our clients
further confidence, allows us to continually
adapt and provide innovative technologies and
solutions and absolutely reinforces the need for
early consideration of security issues.”
The BRE has initiated discussions with
property insurers to explain how SABRE
certification can be used as a robust and
consistent indicator for informing risk-based
pricing. With a view towards increasing the
overall uptake of SABRE and allowing for its
global delivery, the scheme will be delivered by
registered assessors.
46
www.risk-uk.com