Frequently asked questions.
General Consulting
What exactly does a security consultant do?
A security consultant provides independent, vendor-agnostic advice to help organizations protect their people, property, and assets. Unlike a security vendor who is trying to sell you specific hardware (like cameras or alarms), a consultant assesses your unique risks, identifies vulnerabilities, and designs a comprehensive security strategy. At CG Security Consulting, this includes everything from conducting risk assessments and designing integrated security systems to developing emergency response plans and ensuring regulatory compliance.
Are your consulting services vendor-agnostic?
Yes. Being vendor-agnostic is a core pillar of our methodology. We do not manufacture or exclusively sell specific security hardware. This independence allows us to act solely in your best interest, filtering through industry "noise" to recommend the most effective technologies and strategies for your specific budget and operational needs, whether you are utilizing existing vendors or seeking new ones.
What industries do you specialize in?
While the core principles of security apply universally, we specialize in environments that require complex, scalable solutions and strict regulatory compliance. Our primary focus areas include K-12 and Higher Education, Municipalities and Public Safety (smart city tech), Commercial Real Estate, Retail, and Small to Medium Businesses needing to meet specific workplace safety mandates.
Threat, Risk, & Vulnerability Assessments (TRVA)
What is the difference between a Threat, Risk, and Vulnerability Assessment (TRVA) and a standard security audit?
A standard security audit typically checks if you are complying with established policies (e.g., checking if doors are locked or cameras are recording). A TRVA is a much deeper, proactive analysis. It identifies the specific threats your organization faces (both physical and cyber), assesses your vulnerabilities to those threats, and assigns a quantifiable risk score based on likelihood and potential impact. The deliverable is a prioritized mitigation plan showing you exactly where to invest your security budget for maximum ROI.
How often should an organization conduct a TRVA?
Industry best practices dictate that a comprehensive TRVA should be conducted at least annually. However, an assessment should also be triggered immediately after any major change, such as a move to a new facility, significant renovations, a security incident, or a major shift in the local threat landscape.
TCO Calculator
What is the difference between on-premises, hybrid-cloud, and true cloud surveillance?
The primary difference comes down to where your video footage is stored and processed.
On-Premises: All servers, hard drives, and video management software live physically at your facility. This requires a larger upfront investment and ongoing IT maintenance.
True Cloud: Cameras connect directly to the internet and store footage securely in the cloud. This architecture requires minimal onsite hardware, lowering upfront costs in exchange for predictable, recurring software subscriptions.
Hybrid-Cloud: A mix of both. Footage is typically stored on a local appliance (saving internet bandwidth) but is managed and accessible via a cloud-based dashboard.
Why should I calculate TCO over 5 and 10 years instead of just looking at the upfront quote?
The initial purchase price of cameras and servers only tells a fraction of the story. Over a 5- or 10-year lifecycle, "hidden" operational costs (like replacing failed hard drives, paying for software updates, server cooling (HVAC), and IT labor) can drastically change which system is most cost-effective. For example, a system with cheap upfront hardware often ends up costing much more in year 7 than a premium cloud system with a comprehensive warranty.
What does "Rough-Order-of-Magnitude" (ROM) mean?
A Rough-Order-of-Magnitude (ROM) is a highly educated financial estimate used in the early stages of project planning. While it is not a finalized quote, our calculator uses standard pricing structures from top-tier physical security manufacturers to give you a realistic, data-driven baseline for budgeting your surveillance project.
Does the TCO calculator factor in software licensing and maintenance?
Yes. To give you an accurate side-by-side comparison, the calculator factors in the estimated costs of recurring software licenses, ongoing cloud storage fees, and the typical hardware replacement cycles you can expect with on-premises servers over a decade.
How do I know which architecture is right for my specific facility?
The best architecture depends on your specific operational needs, existing IT infrastructure, and internet bandwidth. While the calculator gives you a financial comparison, CG Security Consulting is entirely vendor-agnostic. We can help you analyze your unique environment to recommend the exact system that balances your security needs with your long-term budget.
Emergency Planning & Compliance
Can you help my business comply with California Senate Bill 553 (SB 553)?
Yes. Compliance with CA SB 553 (the Workplace Violence Prevention mandate) is a legal requirement for virtually all California employers. We provide end-to-end support for SB 553, which includes drafting your custom Workplace Violence Prevention Plan (WVPP), conducting the required site hazard assessments, and providing the legally mandated employee training.
What is the difference between an Emergency Response Plan and a Business Continuity Plan?
An Emergency Response Plan (ERP) focuses on the immediate actions required to protect human life and stabilize a situation during a crisis (e.g., evacuation routes during a fire or lockdown procedures during an active shooter event). A Business Continuity Plan (BCP) focuses on the aftermath, detailing how the organization will maintain or quickly resume critical operations and minimize financial loss while recovering from that crisis. We help organizations develop and integrate both.
Security System Design
What is CPTED and why is it important in system design?
CPTED stands for Crime Prevention Through Environmental Design. It is a methodology that focuses on naturally reducing opportunities for crime through intelligent architectural and landscape design. Before we recommend expensive technology, we look at CPTED principles—such as optimizing sightlines (natural surveillance), controlling access points, and using strategic lighting—to make your facility inherently safer and less attractive to bad actors.
Do you oversee the installation of the security systems you design?
Yes. We provide full-lifecycle support. Beyond the initial system design, we offer Quality Assurance and Project Management services. We can assist with vendor selection, review contracts, and conduct independent site inspections during and after installation to verify that the integrators are building the system exactly to spec and that it functions as designed.