Introduction

The terms security and safety culture were first used in 1986 by the staff members of the International Atomic Energy Agency (IAEA) following the accident at Chernobyl nuclear reactor. The team investigating the accident found out that the main reason for the reactor overheating were the shortcomings in the organization's security and safety culture. After this disaster, the security and safety culture found itself in the center of interest in order to optimize the impact of corporate culture on the security and safety behavior of employees (Slovackova 2015).

Several authors devoted themselves to defining security and safety culture and security environment. Accordingly, Cox and Cox (1991), Berends (1996), Hale (2000), and Mohamed (2003) argue that a security and safety culture reflects attitudes, beliefs, perceptions, and values that employees share in relation to security and safety. These attitudes, beliefs, and perceptions, set out by groups, are defined as norms and values influencing their actions and responses in relation to risks. Thus, the security and safety culture are influenced by the subconscious behavior of the organization's employees when dealing with security and safety issues. Cieslarczyk (2011) considers security and safety culture a way of thinking about security and safety (what security and safety is and how to express it), or as perception of security and safety and evaluation of security and safety (t. i. how to achieve security and safety, what it precisely means, techniques and technologies being used to achieve security and safety). Price and Forrest (2016) state that security and safety culture are in a close relationship with an organizational culture. As a result of this, security and safety culture can be defined as an organization's commitment to addressing security and safety at all levels of the organization. Security and safety culture helps to promote security and safety through employee training, communication, and risk awareness. Last but not least, one of the main signs of strong security and safety culture is an employee who feels responsible for workplace security and safety. According to the Institute for Industrial Safety Culture, safety culture is a set of ways and behaviors being shared within an organization which aims to manage the most important risks associated with its activities (What 2019). It is about encouraging all employees to bear in mind common values and approaches to workplace safety. The focus point is how people behave when no one is looking. For the most part, safety culture affects the way the society considers and approaches security.

Assuming there might be found same underlying core in all these definitions, they all focus on the way how people think or behave in relation to security and safety. These definitions tend to reflect the view that security and safety culture is something that an organization “is,” rather than something an organization “has.”

Partial results of our research into security and safety culture, focused on the definition of security and safety culture, its elements, indicators, and possibilities of its investigation, were published in our contributions to the organization's security and safety culture. Moreover, there were pointed out some organizational indicators, its measurement capabilities, characteristics, description and assessment of the organization's security and safety culture, and methods of security culture assessment at foreign scientific conferences (Halaj and Hofreiter 2018; Halaj et al. 2018, 2019).

Although the issue of security and safety culture, including pointing out its importance, was addressed by several predominantly foreign authors, there is still no generally accepted way of assessing security and safety culture at an organizational level. The only suggestion for such an assessment was offered by Kirschstein & Partner, which presented the benchmarking analysis (Halaj et al. 2019).

For this reason, the aim of this analysis is to measure the general security and safety status of the security and safety and its culture, as well as their level in a particular organization. The result of such analysis is a security and safety culture coefficient (numerical expression) and a security and safety culture grid. On closer examination of this proposed analysis, however, there is a great deal of confusion (such as the unknown origin of most of the input values in individual areas) without which it cannot be used or modified in practice.

Based on the inclusion of security and safety culture among the endogenous security and safety factors of an organization (Hofreiter 2016) and the absence of possible ways of assessing it, it is necessary to propose and describe a possible way of assessing its level.

Tools and methods of security and safety culture assessment

Based on the current need for the availability of tools (or methods) for assessing the security and safety culture level, using a detailed analysis of this issue (Haber and Shurberg 2002), we propose a security and safety culture assessment model that consists of several steps, shown in Fig. 1.

Fig. 1
figure 1

Source: authors

Company’s security and safety culture assessment model.

Full size image

Figure 1 shows the security and safety culture assessment model and it discerns the steps to be followed. The steps are made up of selecting and determining the security and safety culture sectors, the subsequent selection of security and safety culture indicators and determining of their values, and finally, a proposal for the overall calculation of the security and safety culture level.

Selection of sectors for analysis

Accordingly, the first step takes to divide the security and safety culture into its sectors in which it can be observed and evaluated. The Security and Safety Culture Sector (SSC) are as follows (Fig. 2):

Fig. 2
figure 2

Source: authors

Security and Safety culture sectors.

Full size image

We briefly comment on them now.

Priorities and aims of the organization (SSC1)

The way a company manages things and its general direction can play a pivotal role in assessing the security and safety culture. This sector implies the very attitude of the organization towards ensuring and applying security and safety in its internal environment (Vermeulen and Pretorius 2016).

Security and safety education (SSC2)

Security and safety education focus on the training of all employees of the organization in the field of security and safety (Sherif et al. 2016). Employee education usually takes the form of trainings, workshops, consultations, and verification of knowledge and skill. Each organization should attempt to at least comply with the training requirements of its employees in the applicable legislation. However, this minimum often cannot be considered sufficient to build a positive security and safety culture within the organization.

Management of the organization’s security and safety (SSC3)

The organization's security and safety management methods form a security and safety culture within it. The influence of security and safety management on the security and safety culture can be traced particularly to the way it ensures, regulates, monitors, evaluates, and continuously improves the security and safety of the organization (Sennewald 2003).

Work environment (SSC4)

The work environment of the organization's security and safety culture reflects the state security and safety in the workplace that employees can influence by their activities. This may include identification and compliance with accepted rules and regulations (Burns et al. 2015).

Security and safety consciousness and behavior (SSC5)

The sector of security and safety awareness and behavior concerns primarily the employees of the studied organization and the level of security and safety culture at the individual level of its employees (Belan 2015). These two factors undoubtedly affect the security and safety culture of an organization, which, as mentioned above, is shaped primarily by individuals within it.

Statistical data (SSC6)

This sector is closely linked to the security and safety documentation, and its quality, which is processed within the organization (Sedinic and Perusic 2015). In assessing the security and safety culture, it is possible to focus on occupational deaths, injuries, accidents, or near accidents. It is also possible to assess the success or failure of any attempts to disrupt the internal security and safety environment of the organization.

When assessing security and safety culture, the importance of its individual sectors cannot be considered equivalently. Because of that, we used the Saaty method (Saaty 2004, 2008) with nine degrees of evaluation to compare the importance of different sectors of the organization’s security and safety culture (the nine degrees are as follows: equal importance; weak; moderate importance; moderate plus; strong importance; strong plus; very strong or demonstrated importance; very, very strong; extreme importance).

In the next stage, competent representatives of companies—experts—took part in the evaluation of the criteria. Firstly, based on the Saaty method, experts assigned weights to the criteria in pairwise comparison. Secondly, they assigned these weights according to which criterion they preferred. Thirdly, the geometric mean and the resulting values were then calculated. Finally, the consistency of the results obtained was verified. The result of whole process was the allocation of weights of importance to each sector as follows (Table 1).

Table 1 The resulting weights of the security and safety culture sectors
Full size table

Selection of security and safety culture indicators

Sectors of security and safety culture, which play a key role in its comprehensive assessment, will gain their values by the arithmetic mean of the security and safety culture indicators (ISC) that underly each sector. Indicators of the security and safety culture of an organization reflect its level and, at the same time, they can be used for its effective measurement. Therefore, security and safety culture indicators need to be adequately visible, identifiable, and measurable (Belan 2015). Based on their nature and the possibility of their expression (qualitative, quantitative), they can be used for measuring, assessing, and evaluating the level of security and safety culture (Rudolph and Schwarz 2012). Security and safety culture indicators can be viewed as precursors to identifying the state of the environment, conditions, and sectors of interest.

Security and safety culture indicators, which reflect its level in individual sectors, might vary from one organization to another. Their number and scope will depend on the specificities of each organization (size or focus) (Srenkel 2016). Security and safety culture indicators need to be correctly established and evaluated using one or a combination of several selected methods before they can be used to assess either the sector or the overall security and safety culture of an organization. In our paper, we will introduce security and safety culture indicators (ISC 1–20), which can be established in most organizations, along with their possible grades.

Methods for data acquisition

A rating of 1 (highest grade) to 4 (lowest grade) should be assigned to each security and safety culture indicator identified. The evaluation of indicators will be based on data obtained by a combination of four methods:

  • structured interviews with the management of organizations,

  • questionnaire survey among employees of organizations,

  • analysis of statistical data, and

  • observation.

Structured interviews with the management of organizations

Predefined questions should include and extend selected indicators of security and safety culture and selected security and safety areas. The respondents' answers should be comprehensive and oriented towards the way of securing and implementing the security and safety of individual sectors. The directed interviews with the management of the organization aim to obtain data on security and safety and the implementation of security and safety culture. A good orientation in the context of security and safety culture is a prerequisite for conducting a structured interview with management representatives. In a structured discussion, it is necessary to ask additional questions, and develop and refine the answers (Taylor-Powell 2019). To conduct structured interviews, we propose to use a compiled set of 21 questions aimed at ensuring and managing security and safety in the organization.

Questionnaire survey among employees of organizations

By means of the questionnaire, we can get information about what people do, what they own, what they think, know, feel, live or want, what values they prefer, and what are their opinions (Rudolph and Schwarz 2012). Questions in the questionnaire should expand and verify responses obtained through the structured interviews with management. Therefore, they need to be focused on the same areas as the questions of structured interviews and be formulated as accurately as possible. These questions must be supplemented by questions about security and safety awareness and behavior of the organization's employees. It is not possible to determine the number of employees to participate in the survey, but the relevance of the data evaluated should involve as many of these employees as possible. Subsequently, the questionnaire needs to be statistically evaluated and partial results can be worked out. A questionnaire with 34 questions was created for this purpose. The questionnaire was pilot tested in one organization. Although the views obtained from the questionnaires may be subjective, eliminating respondent bias is complicated but possible.

Analysis of statistical data

The analysis of statistical data can provide a significant insight into the potential future development and direction of security and safety culture of organizations. Analysis of statistical data can be used either to support the conclusions drawn or to confirm the established hypotheses. Methodological use of statistical data analysis is conditioned by the processing of quality documentation and the willingness of the management of the organization to disclose selected information. The data being used to assess the security and safety culture of an organization are as follows:

  • information on number of deaths within the reference period,

  • information on workplace accidents within the reference period,

  • information on the security incidents,

  • information on security rules and regulations being broken,

  • information on thefts,

  • information on attempts to disrupt the organization’s premises,

  • information on physical violence and discrimination within the organization,

  • information on participants of OSH trainings, and

  • results of security checks, controls, and audits.

Data from statistical surveys might be distorted. Due to this fact, data reliability largely depends on the professionalism of the one who obtains them, the method of acquisition, independence, and other parameters.

Observation

An observation serves as a complementary method aimed at supplementing or verifying the information obtained. The observer must be aware of their intent and be able to partially evaluate the information obtained. Furthermore, the great advantage is that the person observing the organization might remain incognito and observe the internal environment of the organization and the behavior of the employees of the organization. In line with this, the observation can explore primarily adherence/violation of adopted rules and regulations (through random inspection or video surveillance systems), security and safety behavior of employees, elements of security and safety located in the premises of the organization, organization of workplaces, corporate culture, etc.

Evaluating the security and safety culture indicators

An important step in the evaluation of the security and safety culture of an organization is the quality evaluation of the identified security and safety culture indicators. More precisely, assigning values to each indicator will be done using an expert evaluation based on data and results obtained from methods used for data acquisition. The methodology was elaborated on the basis of large literature research (Brickson 2007; Buganova et al. 2014; Eames and Moffett 1999; Fraser and Henry 2007; Hesarzadeh and Bazrafshan 2018; Holla et al. 2010; Karjalainen et al. 2020; Kubas et al. 2017; Kurc and Oktay 2018; Lewis et al. 2015; Lovecek and Ristvej 2010; Lovecek et al. 2017; Ristvej et al. 2013; Rehak et al. 2018; Siser et al. 2017; Siponen et al. 2014; Vance et al. 2012; Wirtz et al. 2016). Besides that, methodology contains a precise definition of questions set up by the interviews and the questionnaire survey, which should be focused on when assigning values to individual indicators. The values of individual indicators of security and safety culture will serve as a basis for its comprehensive assessment. Security and safety culture indicators as a whole can be expressed by the following assessments (Table 2).

Table 2 The list of security and safety culture indicators ISC
Full size table

Evaluation of security and safety culture sectors and computing the level of security and safety culture

The values of some of the indicators will play a pivotal role in the assessment of more than one sector. Accordingly, indicators of security and safety culture being used to assess the security and safety culture sectors are listed in Table 3 as a whole.

Table 3 The list of security and safety culture sectors
Full size table

At this stage, the security and safety culture sectors of an organization acquire their values by means of the arithmetic mean of the indicators being determined for their evaluation from the interval of < 1,4 >.

The final step in the evaluation of the security and safety culture of an organization is usage of partial results when substituting into the proposed formula (1). The weighting, or more precisely coefficients of each sector of the security and safety culture, as mentioned above, will play an important role in this final evaluation. Thus, the following relation can be used to assess a security and safety culture (SC) by using its rated sector indicators.

$${\text{SC}}={({\text{CS}}}_{\text{SC}}1*{\text{S}}_{\text{SC}}1+{\text{CS}}_{\text{SC}}2*{\text{S}}_{\text{SC}}2+{\text{CS}}_{\text{SC}}3*{\text{S}}_{\text{SC}}3+{\text{CS}}_{\text{SC}}4*{\text{S}}_{\text{SC}}4+{\text{CS}}_{\text{SC}}5*{\text{S}}_{\text{SC}}5+{\text{CS}}_{\text{SC}}6*{\text{S}}_{\text{SC}}6)/CP,$$
(1)

where

  • SC—Security and safety culture of an organization

  • CSSC1-6—Coefficients of security and safety culture sectors, which have the following values:

    • CSSC1 = 1,2

    • CSSC2 = 0,4

    • CSSC3 = 1,3

    • CSSC4 = 2,4

    • CSSC5 = 3,6

    • CSSC6 = 1,1

  • SSC1-6—are values of the security and safety culture sectors in an organization from the interval of < 1,4 >,

  • CP—Coefficient of proportionality (with the aim of regulating the result into an interval of < 1,4 >.

By substituting all previously obtained values into the formula (1), we obtain a numerical computation of the value of the security and safety culture of the examined organization. In conjunction with numerical computation, we are able to determine the level of safety culture. Based on our research, assessment, and experience of various organizations, the scale for level of safety and security culture can be set as follows:

  • (3,5; 4>—Very high level of security and safety culture.

  • (3; 3,5>—High level of security and safety culture,

  • (2,4; 3>—Medium level of security and safety culture,

  • (1,7; 2,4>—Low level of security and safety culture,

  •  < 1; 1,7>—Very low to no level of security and safety culture,

Very low to no level of security and safety culture

This level of security and safety culture puts forward significant deficiencies both at the level of the organization and its leadership and at the level of individuals within it. The organization often fails to comply with basic legal regulations in the field of security and safety. Furthermore, it does not have security and safety among its priorities and is not willing to invest in it. In line with this, employees of an organization with this level of security and safety culture neglect their responsibilities and measures to protect themselves. They have a lax and indifferent attitude to the threat; in other words, they do not realize the need for security and safety of both their own and the security and safety of the organization. On the whole, the organization does not create an environment for the safe work of its employees.

Low level of security and safety culture

A low level of security and safety culture is typical of an organization that sees security and safety as an external requirement. This is also reflected in its willingness to invest in security and safety or lack thereof. Such an organization must often cope with other existential problems and, in some ways, the solution and ensuring of security and safety is secondary. Ensuring security and safety is in accordance with applicable legislation and its observance. Likewise, employees of the organization have a carefree approach towards security and safety. The employees are neither willing to comply with some adopted measures and regulations at all times, nor do their activities help to improve the safety of the working environment. They try to make their work easier.

Medium level of security and safety culture

The medium level of security and safety culture is identifiable in organizations having adopted the idea of ensuring security and safety. They have earmarked some funding for this activity, which may cover some of the main activities needed. Accordingly, organizations seek to adopt regulations to improve the working environment and working conditions. With respect to this fact, ensuring employee training at the level of applicable legislation is a matter of course. The staff of the organizations with a medium level of security and safety culture endeavor to behave in a manner consistent with the regulations adopted. However, they do not always identify with them and do not consider safety in some activities.

High level of security and safety culture

Organizations that were found to have a high level of security and safety culture consider security and safety as one of their priorities. These organizations have dedicated functions in their structures to assure and evaluate security and safety. They have a security and safety policy in place, but not all interested parties may be familiar with it. They strive to educate their employees beyond the applicable legislation in order to increase their awareness and security and safety. Employees behavior is exemplary in the workplace, especially during screening or inspections. Employees both recognize the need for security and safety and, in turn, they respect some of the rules that are accepted and required by the organization. Last but not least, they are aware of the consequences of their actions and take themselves and their colleagues into account.

Very high level of security and safety culture

Organizations will achieve a very high level of an organization's security and safety culture if they are demonstrably considering security and safety as their top priority and making all their decisions, goals, and functions essential. These organizations have clearly defined security and safety objectives in their security and safety policy, which is adequately disseminated throughout the organization. These objectives are regularly evaluated and their resources are allocated to the required extent to fulfill them. In addition, organizations are ready to face crisis situations and actively support employee training. Security and safety incidents are resolved immediately, and corrective action is taken at once to prevent them in the future. In conjunction with this, organizations keep high-quality security and safety documentation on all activities. Employees of organizations with a very high security and safety culture feel the need to ensure their own safety and therefore do not have a problem to comply with all security and safety regulations, guidelines, with which they are often personally aligned and, because of that, they willingly report any accidents or errors to the management. Through their behavior, they try to avoid the dangers and contribute to ensuring a working environment in which security and safety comes first.

Results

The proposed method of assessing the security and safety culture of organizations described in more detail in the previous part of the paper had to be applied to practice and its practical use and, last but not least, to possible benefits needed to be pointed out. As a whole, we have worked more closely with six selected organizations willing to cooperate. Thus, of the six organizations mentioned above, two might be classified as large, two as medium, and two as small. When categorizing organizations according to their size, we refer to Hofreiter (2015), who considers organizations with 10 to 49 employees small, medium-sized organizations are ones with 50 to 249 employees, and large organizations employ 250 or more people. Selected organizations comprise the manufacturing companies in engineering or food production fields.

Structured interviews with 21 prepared questions were conducted with QSE (Quality, Safety, and Environment) Governance Manager, Occupational Health and Safety Specialist and Company Security Manager, or executive managers. These employees coming from the organization's management discussed with the writers questions related to their competencies, activities, and knowledge.

The questionnaire was completed and submitted by employees for each category of organization (at least 35 questionnaires in large organizations, more than 5 questionnaires in small ones). The selection of participants was random. The data were obtained through an interview and a questionnaire during a personal interview. These questionnaires were then evaluated and analyzed. The aim was not to obtain adequate data, but to focus observation on a one from possible ways of assessing the level of safety and safety culture.

Besides that, the management of the organizations also provided us with statistical data, especially in the field of occupational health and safety, the environment, and the protection of the organization's assets. These data can be further used in determining and evaluating individual security and safety culture indicators.

During our stay in the organizations, writers also had the opportunity to undergo guided excursions on their production premises. In addition, writers had the opportunity to spend some time (especially during the completion of questionnaires and conducting structured interviews) in the internal environment of the organizations, and could actively monitor compliance and respect for processes, etc.

An essential step in the whole process of assessing the security and safety culture of an organization is to assign grades to individual indicators, which must be based on a combination of data obtained by methods selected and described in the previous section of this paper. As an example of grading, we give indicators ISC assessments (Importance of Security and Safety for the Employees) for Organization 1 (Large Organization). In order to evaluate this indicator ISC, it is appropriate to use the data from the question posed in the interviews (e.g.,: What attitude do your employees have to security?). Moreover, it is possible to utilize the data from the questionnaire survey (e.g.,: Do you perform your work duties in the workplace on the condition of safety?). More relevant questions for the given type of indicator were used for the evaluation of this indicator.

The survey shows that the representatives of the organization praise their employees for observing and applying established procedures and processes. Drawing on a fact everyone cannot identify with these procedures and processes, the employees concerned and their reservations need to be addressed individually so that common understanding may be achieved. Prior to their introduction, all security and safety rules should be consulted with the representatives of the employees concerned with the aim of adapting them perfectly and taking into account possible comments and problems that might arise in their implementation.

According to the survey, only 14% employees said they did not or do not comply with some of the security and safety duties they were acquainted with. 17% of these respondents rather do or do not identify with the regulations or measures adopted by the organization to ensure security and safety at all. However, only 14% of respondents would take advantage of the possibility of proposing amendments to some of the measures adopted, with which they disagree. From a personal view of security and safety, 14% of employees do not conduct their work on condition of security and safety, 20% think that security and safety is not essential to their work, but only 5% consider it irrelevant (up to 77% think it is either very important or important). At the same time, up to 54% of respondents think that their activities increase and support the security and safety of the organization.

When assessing the security and safety culture of an organization, it is important that its employees are first and foremost aware of the importance of security and safety. Based on the data and information obtained, we assigned ISC2 at Organization 1 a value of 4.

Evaluation of all 20 identified security and safety culture indicators was conducted in a same vein and reasons for the evaluation results were provided. Determining the resulting value of security and safety culture is very easy if individual indicators are successfully evaluated. For the sake of both assessing the security and safety culture sectors based on their coefficients and determining the resulting value of the security and safety culture, we have compiled the following table (Organization 1 Security and safety Culture Assessment).

The overall level of security and safety culture of the examined organization (Table 4) is 3.47—which, according to the scale of security and safety culture, it classifies the organization as having a high level of security and safety culture. The achieved assessment of its security and safety culture is almost impossible to increase, and many organizations should aim for this level. However, the level reached by any organization can still be actively raised.

Table 4 Calculation of the overall level of security and safety culture in organization 1 using the proposed model for evaluating safety culture
Full size table

Moreover, the advantage of the proposed model is also the identification of weaknesses of the security and safety culture based on assessed indicators ISC. Values of indicators ISC that do not reach their maximum, may be increased, and, in turn, it may increase the whole level of security and safety culture in favorable circumstances. It is therefore necessary to focus on the weakest security and safety culture indicators identified.

Based on the intervals set to determine the resulting assessment of the security and safety culture level and using its obtained values, we put forward the results of the surveys in the following table (Table 5).

Table 5 Summary of evaluations of security and safety culture in the selected organizations
Full size table

Discussion

Results of the conducted research of security and safety culture levels in organizations establish that three out of the six organizations having cooperated in the survey were rated as high level of security and safety culture.

Two organizations achieved medium level of security and safety culture, and one identified low level of security and safety culture. Nevertheless, none of the organizations achieved the highest (very high) level of security and safety culture or the lowest (very low) level of security and safety culture. Thus, all these organizations have room for taking new measures that would lead to a possible increase in their security and safety culture levels. At the same time, it should be pointed up that a very low level of security and safety culture might (with some exceptions) be identified only in cases of serious misconduct or ignoring security and safety by the organization.

When assessing the security and safety culture across all organization, there emerges one thing in common. More precisely, it is the fact that the average of the indicator values used to assess each sector of security and safety culture was the lowest for sectors 5 (security and safety consciousness and behavior) and 4 (work environment)—i.e., on the part of employees. The process of raising measurement levels across all organizations can be identical, i.e., focusing closely on employee security and safety awareness in order to identify ways to increase it. The results of individual assessments (SSC, ISC) displayed in the security and safety culture level assessment tables provide an excellent visual overview of the security and safety culture's strengths and weaknesses, which the management of the organization can deploy immediately and conveniently.

For the most part, the survey revealed that larger (corporate) organizations can be expected to have a higher level of security and safety culture than small (family) businesses. There are several reasons for this, ranging from financial/existential possibilities, through personnel resources to the history of individual organizations.

The sincerity of the respondents involved is of great importance when examining security and safety culture, whether using questionnaires or controlled interviews. Managers need not respond honestly if they are concealing violations or non-compliance with legal regulations. Employees who may be afraid of the management if their statements are in contradiction of internal regulations often do not reply truthfully and often do not clearly present their beliefs on the issue. For this reason, anonymity for the employees may play an important role during the examination of security and safety culture.

In general, the proposed model of security and safety culture assessment can be considered a prototype that needs adjustments and continuous improvements resulting from its application in practice. This model shall be further refined and adapted to specific environments, because the results may vary depending on the business sector. It is therefore inevitable to use and supplement the security and safety indicators that are appropriate for the sector of operation and are necessary to establish security and safety. With respect to assessing the security and safety culture, it is important to bear in mind the type and size of the organization and business/industry sector type. Introduced approach has been proved valid for producer organizations in the food industry. It must be adapted for usage in other types of organizations.

The results of the security and safety culture evaluation presented in the paper reflect the levels of security and safety culture of selected organizations which are classified as manufacturing organizations. In research presented, writers focused primarily on their categorization based on organizations size (their number of employees). Another possible way to conduct such research is to focus on organizations that depart from production character. As the security and safety culture of such organizations may have other constituent elements, it is necessary to adapt/adjust the proposed assessment model to their specific requirements. In further research, it is also possible to focus e.g., on the origin/location of the organization.

Conclusion

Security and safety culture is a phenomenon which, given its links to the comprehensive security and safety of organizations, needs to be given particular attention to. In other words, the values/levels of the security and safety culture are needed to be used, or at least taken into account in the assessment of comprehensive security.

At present, security and safety culture constitutes a stable element of security and safety in various sectors; it is thoroughly highlighted within nuclear facilities, the ship-building industry, and it is currently also featured in the draft of new legislation on aviation transport security and safety program. Therefore, it is only a matter of time before the need for security and safety culture will be required (possibly through legislation) also in other sectors of industry or business. Organizations being already aware of this have a great advantage over the competition, which might currently neglect the requirements for safety and security.

In conjunction with the above-mentioned facts, the level of security and safety culture will be an increasing priority for organizations. In general terms, many organizations will endeavor to raise their level of security and safety culture. It is therefore appropriate to propose specific ways of raising the level of security and safety culture categorized for each sector of security and safety culture. This will enable organizations to enhance their security and safety culture in the sectors they deem necessary. Since we currently consider security and safety culture as one of the security and safety factors of an organization, its level/value needs to be implemented in a comprehensive security and safety assessment of an organization where, based on the interaction of identified security and safety factors, it will be possible to evaluate the current security and safety status of specific organizations.

The main aim of the paper was to describe a proposal for security and safety culture evaluation. The methodology elaborated here describes in detail the steps to be taken in assessing the level of security and safety culture. It contains a description of the identified sectors of security and safety culture as well as a description of its twenty indicators. It outlines a relationship for calculating the value of security and safety culture, on the basis of which it is possible to determine its level by selecting one of the five proposed grades of evaluation. However, the evaluation methodology is not theoretical only, as the paper showcases its practical usage as well.

The proposed way of assessing security and safety culture represents a practical benefit especially for organizations which are actively interested in security and safety, and the possibilities of its implementation and assessment. It is important for these organizations to know all the factors that affect their security and safety, and why do they need to focus on addressing their security and safety issues. In practice, we are increasingly encountering the interest of organizations in security and safety culture or security and safety awareness that is part of it. However, they do not have the relevant data to help them quickly orient themselves on this issue. It is common phenomenon that organizations adopting different measures designed to raise the level of security and safety culture often do not know how to evaluate the success of these measures. The presented security and safety culture assessment model offers several benefits for organizations. Firstly, it is identification and description indicators that reflect the evolution of security and safety culture. Secondly, organizations, using the proposed model, can compare the established level of security and safety culture at regular intervals, identify their weaknesses in this process and take tailor-made measures, which can often save organizations considerable amount of money.