• PRISM® is a unique and award-winning Performance and Risk-based Integrated Security Methodology

    It is the only dynamic all Security Risk Assurance framework in the world that positions security on a par with other Enterprise Risks and sets a standard that is visible and auditable.
    It is flexible enough to work within a client’s security risk management framework, allowing for variations to be identified and accommodated where possible. PRISM® is about building on what already works for a client to achieve the right level of Risk Assurance.

The development of PRISM® arose from the work we do with governments on their national security strategies for CNI assets, which seeks to develop resilience and ensure a unified approach to managing security threats across all CNI sectors.

Our work in this area led to several collaborative projects with the European Commission, resulting in the publication of the Reference Security Management Plan [known as the RSMP] and The Financial Aspects of the Security of Assets and Infrastructure in the Energy Sector [known as the Guidelines].

The RSMP formed the basis of PRISM® and reflected the experience of our team in working in security risk management over many years. The Guidelines reflect Harnser’s experience in understanding how financial considerations impact on security decisions, whether from the perspective of investors, shareholders, rating agencies, banks, regulators or government on CNI assets and employees. We also promote thinking about risk-based pricing and risk-adjusted returns on capital investment, especially on large-scale infrastructure projects.

PRISM® is a unique and award-winning Performance and Risk-based Integrated Security Methodology created by our team to provide Risk Assurance to those who are responsible for protecting their assets and people from deliberate attempts by individuals, groups and organisations to cause harm and damage. It covers all types of threats and methods of attack and can be applied to single or multiple assets or activities in single or multiple locations.

Security is a risk like any other risk, so PRISM® includes four generic areas of risk management:

  • Environment

    The focus on environment reflects a regulatory approach introduced to oversee the use of pricing models for financial market products where gaps in the knowledge of those responsible for financial risk became apparent after serious losses posed a risk of systemic failure.

  • Assessment

    The Risk Model is the fulcrum of any risk management process, and ours is rigorous and reflects a logical sequence of analysis that is granular and detailed. This ensures that money is spent only where it is necessary.

  • Mitigation

    Mitigating risk is where money can be wasted, and it is where our ability to offer integrated security services from planning to commissioning has its greatest value – all targeted to achieve performance-based Protection Objectives derived from the risk assessment process.

  • Reporting & Monitoring

    Reporting and monitoring in PRISM® is clear, simple, visual and effective. We know that a risk can change without warning, and monitoring change is the only way to keep your assets and people safe.

We do not believe in large plans and endless reports – we believe in using robust tools and analytical frameworks to assess, evaluate, confirm, action, review and maintain what is needed to manage security risk.