About Valuation

Posted on by admin

The risk insurance is mandatory!

Until January 1, 2016, all Romanian companies should have had a security risk assessment. If this assessment is not available, an assessment that can be made only by certified auditors, they risked to receive fines of up to 10,000 lei. Nevertheless, at the end of 2015, the Government decided to extend the term for enforcement of the obligation for this risk assessment. The legal act is the Government Decision no. 1002/2015 regarding the amendment and supplementation of the Government Decision no. 301/2012 for approving the Rules for application of Law no. 333/2003 regarding the security of objectives, goods, valuables and the protection of individuals was published in the Official Gazette, Part I, no. 984 of December 30, 2015.

The legal act stipulates the “obligation to make a physical security risk assessment by the units set forth in art. 2 par. (1) of Law no. 333/2003 regarding the security of objectives, goods, valuables and the protection of individuals, republished, as subsequently amended and supplemented, established until June 16, 2012,  is extended until  July 1, 2017“. Previously, this term was set for January 1, 2016.  For companies established after this date the deadline was 31.12.2015.

For whom is the risk assessment mandatory?

Answer: The physical security risk assessment is mandatory for all trading companies, regardless of the nature of the share capital, that hold goods or valuables under any title and are obliged to ensure their protection.

Moreover, aside from companies, this risk assessment is also mandatory for ministries, other specialized central and local public administration bodies, autonomous organizations, national companies, national research-development institutes, as well as any other organizations that own goods or valuables.

Can I make a physical security risk assessment with the security company I already have an agreement with?  

Answer: Risk assessments cannot be performed by the companies that are providing security to the respective sites, as a result of the conflict of interests – for example, the assessment report suggesting a number of security positions of security equipment that is convenient from the point of view of providing security.

How do I check if the assessor is authorized to perform the work?

 Answer: The risk assessment can only be performed by persons with experience in this field, that have the capacity of Physical Security Risk Assessor as a result of passing the exam at the General Inspectorate of the Romanian Police and are registered in the National Register of Physical Security Risk Assessors (RNERSF).

The law provides that the lack of the physical security risk assessment is sanctioned with a fine between RON 5,000 and RON 10,000. Policemen, gendarmes, as well as mayors and their attorneys must check if the companies are observing the law with regard to the security of sites, goods, valuables and personal protection.

“The ministries and other specialized bodies of the central and local public administration, autonomous municipal companies, national companies, national research and development institutes, companies regulated by Law no. 31/1990, republished, as subsequently modified and supplemented, regardless of the nature of their share capital, as well as other organizations that own goods or valuables in any capacity, named units in this law, must ensure their security” in accordance with Law no. 333/2003.

In accordance with the law, the risk assessment must be performed by a physical security risk assessor that has to be registered with RNERSF National Register of Physical Security Risk Assessors. The applicable regulations do not provide a fixed price that an assessor can request for the performance of this type of analysis.

The physical security risk analysis is materialized through the documentation drafted during the standardized risk management process, which determines the necessary measures for the security risks to be within the acceptable limits.

How a risk analysis is performed

In accordance with the applicable legal provisions, the physical security risk analysis has the purpose of identifying vulnerabilities and risks, of determining the level of exposure to the occurrence of physical security incidents. In addition, it must also provide solutions for maintaining safety.

When filling in a risk analysis for a site, the assessor uses a questionnaire or an interview with regard to the company’s activity, as well as the existing security measures (alarm, video surveillance system, safe). In addition, the assessor must also visit the assessed site.

After that, the assessor shall fill in a risk calculation grid and draft a risk assessment report. If the risk level is not acceptable, the assessor shall determine a series of measures. For example, the assessor shall request, as the case may be, the employment of an additional guard or the installation of a surveillance camera in certain key points.

When the physical security risk assessment is revised

In accordance with the applicable provisions, the physical security risk assessment must be revised at least once every 3 years for the correlation with the dynamics of the internal and external parameters that generate and/or modify the physical security risks of the unit.

In addition, the law provides that the risk analysis must be revised within 2 months of the occurrence of a security incident at the respective unit or within a month of the modification of the architectural or functional characteristics or the beneficiary unit’s object of activity.

Moreover, the management of the beneficiary unit can request a new risk analysis whenever it considers that it is necessary.

Completing a physical security risk analysis implies several stages

The performance of the physical security risk analysis generally implies the following stages:

  • defining the internal and external parameters generating and/or modifying the physical security risks of the unit;
  • establishing the work method and instruments;
  • identifying all of the physical security risks, the impact areas, the events and causes of the risk, as well as the potential consequences;
  • analysing the risks to physical security;
  • estimating the risks of the beneficiary unit;
  • drafting the Assessment report and the proposals for treating the physical security risks.

Important! The physical security risk analysis is mandatory when submitting a company’s security plan for approval.

The security plan establishes the characteristics of the secured site, the number of guards, the technical security and alarm equipment, the connection and cooperation with other bodies responsible for site, goods, valuables and personal security and the measures that are to be taken in various situations.

The law provides that only the units performing cash operations have the obligation of ensuring physical security. They must also install a burglar alarm system that is capable of ensuring ”the perimeter detection at the level of the site’s protection fence in order to signal the unauthorized access to the security personnel on call”.