Answer by Andy Zavoina:
So long as required reports are properly made, it would not matter. If this is one person doing both, they could be combined.
Personally I would recommend dividing them for accountability and to separate physical security (robbery, SARs, alarms, etc.) from technological security. When asked for your reports by examining teams, they may find it easier if there are different teams for each. There is no reason to invite questions from one team about an issue not directly within their scope.
Answer by Dana Turner:
Depending upon the way the organization's structured, this could be a difficult question. I suggest creating the annual security report using three (3) components:
- Physical security;
- Procedural security; and
- Information security.
Physical security generally deals with facilities and what the institution owns. Procedural security generally deals with how the institution operates. Information security is often a hybrid -- containing both physical and procedural issues. The Facilities Manager, Information Systems Manager and the Security Officer should each author their respective pieces of the report -- and then decide who's going to review each component and then coordinate the final report production.
A guide is available in Banker Tools entitled, "Annual Security Program Report - How to Prepare".
First published on BankersOnline.com 07/07/03