In accordance with the Law on Private Security, it is mandated to conduct a risk assessment for the protection of individuals, property, and business operations, as well as to develop a Security Plan.
Risk assessment for the protection of individuals, property, and business operations represents a fundamental and strategic activity in the process of establishing an effective security system. Through this process, threats and hazards to the organization’s functioning are identified, providing concrete guidance and recommendations for the elimination and minimization of identified risks. In accordance with the Law on Private Security (“Official Gazette of the Republic of Serbia”, no. 104/2013, 42/2015, and 87/2018), the mandatory creation of a risk assessment for the protection of individuals, property, and business operations, as well as the development of a security plan, is defined. These documents serve as the basis for planning, installing, and using technical security systems, representing the first step in aligning businesses with the Law on personal data protection/GDPR.
Practically, this means that the use of technical security systems (video surveillance, alarms, access control, EAS, GPS, etc.) is not permitted unless they are specified in the risk assessment and security plan. Therefore, such systems without a risk assessment cannot function appropriately as they are not compliant with the law, posing a risk to users by unauthorized recording, profiling, and data collection of employees, clients, visitors, and third parties.
The risk assessment is a mandatory systemic document of strategic importance that analyzes multiple hazard groups according to the adopted standard SRPS A.L2.003. The security plan is the treatment, or defined handling of identified risks, containing a plan for technical protection with sketches and drawings of installed security systems or those yet to be installed.
Without the implementation of a risk assessment and security plan, the installation and use of technical security systems are not legal processes, and the legislator has stipulated high penalties for organizations.
It is essential to note a significant legal obligation, which prohibits the installation of technical security systems of lesser scope than assessed and designed by a licensed company, a detail to be considered from the beginning of the project.
The risk assessment is conducted through several phases, covering the analysis of hazards in the following categories:
