The act on risk assessment is a legal obligation of companies
The act on risk assessment in the protection of persons, property and business is a document that a legal entity must have and whose drafting is prescribed by the Law on Private Security, i.e., amendments to the Law. According to Article 3 of the Decree on Mandatory Secured Facilities, risk assessment is mandatory and it is in fact “analysis and assessment in the protection of persons, property and business”. Article 34 of the Law stipulates that “technical protection system planning is performed on the basis of risk assessment in the protection of persons, property and business, prepared by a legal or natural person with an appropriate license, in accordance with this Law.” So, the first step on the way to building a security system is risk assessment in the protection of persons, property and business, which is an analysis of the situation in a business system based on which a company protection strategy is built and mobilize the necessary security resources.
Legal entities are obliged to update the Act on Risk Assessment in the Protection of Persons, Property and Business periodically, and at least once every three years. Fines are envisaged for non-possession and non-updating of the Risk Assessment Act. Legal entities that use the services of any protection (natural or technical) are obliged to draft an Act on risk assessment in the protection of property and business (except for micro legal entities and entrepreneurs), as well as legal entities that belong to the mandatory facilities in accordance with the Decree on mandatory provided facilities. The user and the service provider may not sign a contract that contracts a lower level of security services than those prescribed by the Risk Assessment Act when the assessment is mandatory in accordance with the law.
Risk assessment of the protection of persons, property and business in the broadest sense includes, in addition to analysing the security situation of the organization, checking the functionality and effectiveness of all elements that make up the protection system. In such a complex process, it is necessary for the organization to hire a team of licensed managers. This team, in addition to the standard methodology, also applies the simulation of negative scenarios in order to check the effectiveness of the protection system and determine the points of vulnerability of the system where improvements and changes need to be made. The goal of risk assessment is to prevent an adverse event through risk management.
This is a priority consulting activity, and the Act on Risk Assessment for the Protection of Persons, Property and Business is the primary document in accordance with the Law on Private Security, as well as the Ordinance on the manner of performing technical protection and use of technical means. Technical protection, as well as the design of the technical security system and mandatory maintenance of the technical protection system.
The act of risk assessment on the protection of persons, property and business is performed according to the requirements and in the manner prescribed by the current Serbian standard SRPS A.L2.003 (Safety and resilience of society – Risk assessment) deals with several groups of risks in the organization: risk assessment of general business activities , risks to safety and health at work, legal risks, risks of illegal actions, risks of fire, risks of natural disasters and other accidents, risks of explosions, risks of non-compliance with standards, risks to the environment, risks in human resources management, risks in the field of information-communication-telecommunication (ICT) systems.
The Decree on Mandatory Secured Facilities as well as the Rulebook on the Manner of Performing Technical Protection and Use of Technical Means define in more detail the obligations of companies pursuant to the Law on Private Security and introduce the obligation to perform risk assessment before setting up physical and technical protection systems.