Base Building Security/Annex B
Annex B of the Base Building Security Standard
Application of Threat and Risk Assessment for Base Building Security
The following are the key considerations for threat and risk assessments:*
Purpose: A threat and risk assessment is a process for evaluating specific threats to a building and infrastructure, determining the level of risk of the threats, and making recommendations to mitigate these threats.
Policy authority for threat and risk assessments: The TB Policy on Government Security states that government wide threats and risks must be managed proactively. PSPC uses security practitioners to achieve this by completing up-to-date threat and risk assessments, as mentioned in the TB Directive on Departmental Security Management. The threat and risk assessment process is also an integral part of demonstrating due diligence under several laws and regulations pertaining to performance-based regulation, and is further supported in TB policy as being the foundation for any security controls or baselines.
Role: The Property and Facility Management service line has the responsibility for developing the methodology and templates for threat and risk assessments, whether conducted by a third party or by Property and Facility Management service line staff. The Property and Facility Management service line monitors the program and ensures threat and risk assessments are conducted for all assets, which are updated as required, and by qualified persons, either through Property and Facility Management service line personnel or qualified third parties.
Application: The Property and Facility Management service line provides approved threat and risk assessment methodology and templates under the supervision, review and approval of Property and Facility Management service line staff who are responsible for the final recommendations.
If recommendations are altered or declined, the senior manager may request the intervention of the asset manager.
If the risk is deemed unacceptable by the Property and Facility Management service line, or if the risk impacts a third party, a departmental security officer risk mitigation may be requested, or the risk acceptance may be forwarded for discussion between the DSO and the Director General, Service Lead, Property and Facility Management, RPS, or equivalent executive who is accountable for the custodial asset.
Note: Some threat and risk assessment recommendations or observations may, by TB policy or other legislation, fall under the lead tenant or other building occupant. In these cases, an extract from the threat and risk assessment containing the recommendations and references will be forwarded to the senior officer of the department in the building, and a copy sent to the security organization of the department after consultation with the PFM of the asset. The PFM will be consulted on wording and relevance and also included on the communication to the client department.
*: While a threat and risk assessment is a major tool for base building security, it should not be viewed as the only tool available. Constant review and challenge of the in-place security with ongoing discussion through the National Quality Monitoring, Maintenance Management and Security (NQMMS) team will help resolve specific building-level issues outside the base building threat and risk assessment process.