Physical Security Assessments - Problems it can uncover
Physical Security Assessment
A comprehensive physical inspection and evaluation of all security systems, controls, and their parameters in a particular public/private property, asset or an organization is called physical security assessment. Generally, it is the combined process of conducting intensive audit and analyzing the audit results pertaining to the entire physical security mechanism of any particular facility.
It is a well defined process commonly adopted for the compliance of requirements from many regulatory authorities and standard organizations. All kinds of physical security systems installed for a particular installation or office security are examined deeply while conducting physical security assessment.
Importance of Physical Security Audit
There are many kinds of natural as well as human initiated threats to the resources, assets, sensitive information and business secrets that can result in either partial or complete devastation of a person or an organization. Those threats strike either through IT network or through physical intrusion.
Intrusion into IT resources is much easier, if a hacker is able to physically intrude into your facilities. So, the physical security systems should be 100% active, effective and alert all the time that can be achieved by implementing frequent physical security audits. Security audits can help you find flaws and deficiencies in the security systems so that you can easily resolve them to them robust and sturdy. A robust security system is necessary to safeguard your assets and business related strategic information.
Comparison between Physical Security and Physical Audit
Both the physical security assessment and audit look similar at first glance, but both of them have certain fundamental differences. In physical security assessment, the availability, implementation and maintenance of the security systems are dealt, while the security audit evaluates the level of effective implementation of the security policy of an organization with the help of different security controls.
Security audit finds the security gaps and loopholes in the existing security mechanism; on the other hand, the security assessment studies the security loopholes in the existing system and need for the new systems too. So, we can say that the security assessment process is much wider than the security audit.
Major Problems Physical Security Audits Can Uncover
Physical security audits can uncover numerous problems associated with the organization or office security. A robust security system may include numerous security controls, such as, human guards, physical locks, intelligent locks, fences, CCTV system, lighting, alarm systems, goods movement controls and many others. And, physical security audit finds out the security gaps related to an existing security policy of the organization are uncovered with the help of visual inspection and operational activities. The main problems uncovered by the physical security audit include:
- Lack of proper follow up for the security policy by higher management to implement it in true spirits
- Very poor level of motivation, supervision and monitoring over the human security guards hired from the third party contractors, which lead to improper adherence to security policy procedures
- Low level of precaution and care by employees about the valuable assets of company such as, laptops, furniture, office equipment, workstations and others
- Both the employees and the security staff are not very well aware/trained about the security policy and procedures while accessing assets, working with assets and leaving the company.
- Proper wearing the company identification badges is another issue found in physical security audit. Many third party contractors and employees don’t wear badges all the time; or the pictures of badge holder on those badges are unrecognizable.
- Poor control over the visitors to the company or its employees is another major problem found in security audits. Many employees either escort their guests with them or they don’t make the proper entries in the visitor registers.
- Security screening of the employees of a third party contractor is another very critical issue found in the physical security audit. Many employees working with contractors are not fully screened in normal situations
- The lack of secure handling and movement of documents within the company and outside the company premises is another critical issue mostly found in security audits.
- Skillfully monitoring of electronic security system is another issue due to unskilled staff that operate them
- The regular testing, maintenance and monitoring of the security equipment at all points are not conducted as per defined policy.
- Inadequate lighting inside and outside the building, backyard or walls is another important issue commonly highlighted by the security audits
- Intrusion detection systems, fire alarm systems, CCTV monitoring systems and others are not properly tested as per policy to keep them 100% operative
When Physical Security Assessment Is Required?
The requirement of physical security assessment varies in terms of type of organization, area, local regulations and rules and industry compliances. In most of the cases the security assessment is conducted annually; but in some mission critical organizations, the security level assessment is conducted semiannually or quarterly.
The security assessment should be checked in accordance with the rules and regulations of the local authorities and industry best practices.
As a new startup company, getting started with the physical security, you need to take the following simple steps:
- Assess the physical security risk level
- Choose the suitable controls to mitigate the risk
- Devise a security and its management policy
- Implement the controls as per policy
- Manage the controls as per security management policy
- Audit and assess the security level after defined intervals
- If you find major issues, correct them accordingly
Key Points to Consider in Physical Security Audit Checklist
There are many major categories that should be considered in the physical security audit checklist. Each category should be further expanded for its sub points in the forms of the questionnaires. Some of those important categories in the office security check list are given below.
- Management policy
- Physical Security policy
- Risk assessment
- Access control
- Staff security
- Data/information security
- Emergency communication
- Rapid Response
- Technology review
NOTE: Each of the above categories of office security assessment should further be expanded with the specific questions pertaining to that particular category.
Physical security assessment is very critical in safeguarding both soft and hard resources associated with the company as well as with the employees of the company. Without a good policy of physical security assessment, it is very difficult to manage businesses without high risk factor.