SPONSOR CPD PROGRAMME Continuing professional development (CPD) is the regular maintenance, improvement and broadening of your knowledge and skills, to maintain professional competence. It is a requirement of CIBSE and other professional bodies. This Journal CPD programme can be used to meet your CPD requirements. Study the module and answer the questions on the final page. Each successfully completed module is equivalent to 1.5 hours of CPD. Modules are also available at www.cibsejournal.com/cpd Security risk management processes for building services This module explores the issues around security risk management in building services engineering applications The field of risk management, including risk assessment and mitigation, has seen significant growth in the past 30 years, highlighting the increasing importance of managing risks effectively across various contexts. Drawing on the material that contributes to the new version of CIBSE AM4.1 Security engineering: Strategy, this article will introduce security risk management processes for building services engineering applications. Security risk management goes hand-in-hand with business continuity and resilience, and each benefits from the active input of dedicated professionals. Designers of built environments must understand appropriate security concepts so that they can identify requirements and technologies in order to integrate them into their designs for a specific project. Built environments can have a variety of potential security risks that may be influenced by actions, designs, operations, and processes that are associated with the activity of the building services engineer. These may include a diverse range of areas such as: perimeter and internal security; access control; theft prevention; vandalism control; terrorism and natural disaster; threats to the person; fire safety; environmental and biological safety; occupant health and safety; information, document, IT and cyber security. Once threats, mitigation options and a strategy are defined, security engineering comes into play. This focuses on designing, specifying and integrating physical, technical, and procedural security measures. Prior to attempting to develop designs for security measures, it is essential to properly define what needs protection by identifying valuable assets in the built environment, and how these may be threatened. A holistic and likely cyclic approach will identify threats, which will help to achieve desired security outcomes, ultimately reducing vulnerability and risk, as illustrated in the simplified example risk management cycle of Figure 1. Security engineering contributes just one aspect of the procedure and resides towards the end of the security risk management process, relying on prior risk assessments, prioritisation and decision-making. Building services engineers, while experts in making buildings function, typically lack the specialised skills required to design and specify technical security systems within a defined security strategy, and so 1 Risk identification 4 Risk control Risk management cycle 2 Risk analysis 3 Figure 1: Simplified risk management cycle (based on draft AM4.1 Figure 5) Risk planning 1 What are the risks to the business? 2 How likely are the risks and what will be the impact? 3 What does management intend to do about those risks? 4 Is the risk management strategy effective and efficient? www.cibsejournal.com February 2024 41 CIBSE Feb 24 pp41-44 CPD Module 229.indd 41 26/01/2024 15:01