1. All Resources
  2. Facility Security

How to: Designing your office’s security plan (with examples)

Basic Risk Management for Your Office Security Plan

Professional risk assessment can be costly. Although you can’t measure your risk assessment skills against pros, you can set the basis of your office security plan by thinking of the basic risks. Use the clear view you have of your office. It will help you compile a document that won’t miss an essential component or skip a key step.

No one knows better than you do about the weak points of the physical location and the area around your office. This is the number-one factor role for creating a security plan for an office that is safe 24/7.

1. Examine the Physical Setting of Your Office  

Clues about potential intruders are everywhere. Keep in mind that intruders fall into several categories. Your physical security on the outside perimeter can be violated by random trespassers, as well as by intentional and carefully planned criminal acts.

On the other hand, you shouldn’t forget that the risks of employee counterproductive behavior and negligence need to find a place in the office security plan. In a large office building, think of less frequent security threats, such as natural disasters or accidents. They are rare, but the impact can be severe and long-lasting. Some office security plan examples are less mundane. For example, if you are in an area with rich wildlife, consider including the extra risks due to the specific location. Case in point, raccoons are not only a health risk, but can also endanger the overall work by messing with electrical cords or damaging mechanical wiring!    

planning office security
‍Even a bird’s nest can create a security problem

Often the first thing where you need to start is the fencing and the gates. Exterior lighting comes second. The outside perimeter is the most sensitive area of all offices: It includes multiple access points that need to be protected with appropriate provisions in your office security plan. It’s not difficult to understand why. Largest security threats come from people you don’t know.

Therefore, this is the starting point for designing an extensive security plan for an office that supports your business with mechanical and electronic access tools. Think of writing a plan that works from a perspective of the people, including all access control systems that are or will be set in your building. The people using it should not get confused.

Define the space to clearly address how will you control the access. This section of the office security plan sets the rules for the basic infrastructure, such as:

  • Manual operations with padlocks or electronic access control system with cards, key fobs and/or mobile phone technology.
  • Activation of lights, sensors and fire alarms on the periphery and integration in the central building areas.
  • Monitoring with CCTV cameras, IP cameras and/or security guards.
  • Assigning appropriate (role-based) access control cards and badges to the employees, contractors and visitors.
  • Integrating the physical security and the cyber asset areas within an overall office security plan.     

Electronic access cards or smartphone access control enable managing physical as well as cyber areas. Decide whether you want to keep the mechanical system separate from the electronic access control platform. Despite the final decision, making this distinction in your security plan for office safeguarding will make all the difference. For example, a web-based access control tools will impact the design of the office security plan. Obviously, thinking about the system and the plan must be done hand-in-hand.

perimeters
‍Securing outside perimeters is a necessary part of any office security plan

If you isolate the cyberspace into a separate section of the plan, you will need to think of assigning secure areas, designing security perimeters as critical protection layers, and establishing responsibilities for key players. Those in charge of critical business data will need to undergo personnel risk assessment. The office information security plan should identify who are the key persons with authorization to provide or grant this type of access.      

2.Put Together the ‘Chain of Command’

The hierarchy of authority is typically set as an integrated part of the text, but there are office security plan examples that go for an alternative: The easiest way to do this is to create a flowchart, insert in an appendix and make it available on several spots across the building.

Apart from a clear visual presentation of the “chain of command” between your departments, the flowchart can be used to define the scope of duties within each role.  Even if it is a very small office with several employees, if you know who does what when a threat occurs, you’ll sleep much better. You’ll know that you’ve created a functional security plan for an office that won’t fail you because of unfortunate planning mishaps.

The plan can augment the flowchart by setting the roles in more detail. For example, you can authorize visitors with temporary and grant your employees permanent access. You can produce loan key cards for suppliers and establish who is in charge of overseeing the authorizations. In fact, most security plans for offices require numerous small planning decisions which need to be adjusted to the department needs.

Make sure you think of identification badges along with the issued cards. People identification is known to be a common security threat. Take time to define badges for employees, contractors and visitors.  Knowing who is who is important.      

3.Monitoring, Maintenance and Reporting

By choosing a software as a part of your access control system, you can manage the maintenance and monitor security events. It’s a general solution for connecting all access points, roles and duties within a single system than being managed internally or remotely. Your office security plan will need to include provisions for responsible managers and employers who will track the system maintenance and performance and monitor events. In a way, it changes the role of security guards or managers by switching the focus from the field to the dashboard.  

Pros and Cons of Office Security Plans  

The advantages of planned office security are many. They don’t relate only to threat assessment and taking appropriate measures to tackle them. An office security plan defines the incident response action you need to complete. But, it also set rules for cooperating with law enforcement, delegating responsibilities to contract agencies, and last but not least - reporting to government authorities. It’s the best place to set clear guidelines and instructions about who does what during varying threat alerts levels.

(Note: The appropriate action you need to take under green, blue, yellow, orange and red alert levels can be posted together with the flowchart for the chain of command).

When done well, security plans for offices guard against one of the worst enemies of office security - panic.

Despite all this planning, many office security plan examples come with shortcomings. Truth be told, because of the human factor at play, you can never rest at ease assured that you’ve made the perfect office security plan. Plan as much as you like, issues arise. Doors get old and locks get damaged. Screening procedures for deliveries or visitors may not work anymore. Coordination and inspection fail.

It is, therefore, a good course of action to test your office security plan from time to time. That’s the point of security exercises. The least favorite task during everyday work can prove of immense value in insecure times.

Kisi Products
Regain Full Control the Easy Way

Discover what makes Kisi the most advanced cloud access control solution.

Proximity Readers

Reading RFID, Bluetooth (BLE) or NFC formats connected through a data protocol directly to the access control panel.

proximity reader
HID multiCLASS

Other than understanding a reader, you'll also need to know more about the different types of key cards.

IP Readers

This is a more modern reader type which can be integrated into IT systems.

The Kisi IP reader is connected to PoE and not wired back to an access control panel.

Kisi's IP connected reader - reads secure cards, iOS and Android Apps - PoE based reader with Bluetooth and NFC functionality

Here are details about the four types of proximity readers in more depth:

Standalone proximity readers

Sometimes those readers are called "panel free" because they are fully installed ina decentralized way. Think about it like programming a PIN code for each individual person on each individual reader - it's a great option for very small "quick fix" kind of installations but will generally increase the complexity: You have to go to each and every reader to test and activate the card, you cant control access in real time but would need to deactivate the card on each reader. That's why they often come with PIN pads. 

Kisi's opinion: We don't see anyone using these readers, however they are still being recommended by local locksmiths and integrators. Stay away. 

Wireless proximity readers

Think about hotels - those readers you see on the locks are wireless readers. This means they are not wired to power (battery operated) and you don't have a wired data connection. Typically in the hallways you might see some small access points made by the same brand as the wireless readers - and sometimes the locks itself. That's how the locks connect to an online environment: Via RF (radio frequency) they communicate on a power saving protocol to this access point which is itself connected to the internet. That way you don't have to physically connect each lock but at the same time have real time updated information.

Kisi's opinion: If you don't have 50+ doors, don't even think about doing it. Someone has to update all the batteries in the locks. 

Proximity readers (prox readers)

Proximity readers or commonly called "prox readers" are the most frequently used type of reader in commercial environments. They are universally compatible with pretty much any access control systems, since they typically communicate on a protocol invented around 1974, named "Wiegand Protocol". Conforming to the lowest possible standard comes with the problem that each of those prox readers have been hacked and can be hacked by anyone who follows instructions. Here are some examples: Hack HIDCopy a prox ID card or the Wiegand vulnerability.

Kisi's opinion: Proximity readers are a great "default" for standard environments. However they lack more advanced options which allow for scaleability, security and future readiness.

IP readers (IP connected proximity readers)

Currently the most advanced version of readers - due to their IP connectivity, they can be fully integrated into IT environments. Also data traffic to and from those readers can be controlled and secured easier. Think about the installation similar to any CCTV camera. 

Kisi's opinion: Well we decided to build an IP reader but the reason why we did it is because it is what proximity readers are not: integrateable, future proof, manageable at scale and secure.

IP readers are great for security because there is no direct connection between the reader and the panel. That means the line can not be intercepted / tampered with since everything has to run through your firewall on the switches first before talking to the other device.

Here is an example of how Kisi's IP based Pro Reader is connected. Notice how there is no connection between the reader and the controller.

How do proximity readers work with other components

We get it, you are planning a fancy office, how to specify electric door hardware is the last item on your mental to do list. Always remember, if you’d like to be in a nice office like below, you will always have to unlock the door!

Fancy Office Space

That’s why a lot of construction and architecture companies ask us how to specify electric door hardware into their project. Mostly it also includes swipe card readers from Kisi. When thinking about how to specify electric door hardware it is important to think about more than just the reader. This might be the only visible part to the user). That is exactly the reason why we came up with this guide to make your life as easy as possible.

Some of the hardware products covered in this overview are:

  • Card readers / Proximity readers
  • Controllers
  • Magnetic and mortised locks
  • Doors
  • Safety devices

You can use this guide also to specify electric door hardware that is not manufactured by Kisi, such as HID readers. However keep in mind the vulnerabilities that exist in those products, see posts:

  1. How HID Keycard Can Easily Be Hacked
  2. Wiegand Protocol Vulnerability

Timing: When to specify electric door hardware

The best phase to start looking at this is when your construction company is start drafting the plans. Typically they need to indicate wiring or cable runs. Once the walls are closed you can still install all hardware, but cables need to be pulled when walls are open.

The other critical part is specifying the doors. It is paramount to not specify a sliding door because they mostly do not work with electric door hardware.

Here are the ideal construction related installation requirements for Kisi or electronic door hardware in general. If Kisi comes in to install with a newly constructed space and those requirements are not met we can not guarantee for meeting project deadlines.

Using the floor plan for planning access control

Typically the architect or engineering consultant draws a schematic of the wiring plan including wire runs, where they are dispatched to and any hardware installed. Here are some schematic basics you might want to include:

  1. ReaderMotion sensorPush to exit buttonLockWire

Door planning: In the past it helped many companies to visualize the plans with the specific picture of the existing door. Here is an example:

Overview of Access Control Devices

Specify electric door hardware (locks) to use for swipe card reader compatibility

Any wired lock like electric strike, wired mortise lock or electromagnetic lock should work and can be included in the construction scope. To understand the difference between smart locks and commercial grade access control systems you can look at this comparison, which includes use cases for conntected lock manufacturers like Kevo, Lockitron and August.

Whatever lock you end up choosing, one cable needs to be dispatched to the lock position. This cable will connect the door security hardware AND the motion sensor or push to exit (if required). That’s why we typically recommend to pull CAT5e or CAT6 cable compared to regular low voltage cable. 

We also have a wiring diagram ready in our installation guide. Generally you might look for wiring diagrams for electric door hardware which are included in the document.

Electric strike wiring diagram

Diagram Electric Strike

If it’s for a regular door, installed on the door frame next to the lock.

 

Magnetic lock wiring diagram

Magnetic Lock Diagram

If it’s for a glass door with magnetic locks, installed on top of the door.

Wired mortise lock wiring diagram

Electric strike diagram

If you’d like to avoid an electric strike and wire the cable through an electric hinge to the wired mortise lock that replaces the regular lock.

Advise on other locks advise

One note about sliding doors: They are NOT recommended. They look very elegant but are absolutely not usable with wired electronic locks.

Generally all locks are wired to a power source. Typically the power source is in the IT – or communications room. However if it’s a small one door installation you could also wire the lock to a power source close to the door. Keep in mind this shouldn’t be accessible for the regular user, otherwise you might end up with manual interference.

Now let’s spec the swipe card reader – or proximity reader

Tap to Unlock by Kisi

Kisi's state-of-the-art swipe card reader is our Pro Reader. For ease of understanding we stick with the industry standard “swipe card reader”.

The first question we typically get is about mounting specs.

Mounting specs of the reader device

A Kisi swipe card reader is on-wall mounted. The Kisi readers come with set screws to mount. The reader cable needs to be dispatched to the reader height next to the door 48” from the floor, with minimum distance of 10” from the door frame.

Wiring diagram for swipe card reader

The next question typically evolves around cables: The Kisi pro reader works best with a wired CAT5e or CAT6 cable pulls from the future position of the swipe card reader to the IT room. Which CAT cable it is doesn’t really matter for us, your cabling company might have preferences depending on quality and distance.

The reader must be installed outside the door on the same side of the door as the door handle. IE: door handle is to the left of the door, install reader to the left of door.

Do you already think “that’s a lot of cable going on here”? I’ve recently been in an office buildout construction site where we took this picture:

CAT6 Cable

That’s around 80 boxes of CAT6 cable. If you ever looked at the price of one box, you know might as well be a small luxury sports car standing around. It’s what it costs. Cabling is not cheap and it shouldn’t be the place where you save, because most likely you will never have a chance to change or edit the cable runs during the entire time of you staying in the office.

Important: The beginning and end of the cable have to be labelled with the door name, so there is no confusion as to which cable to choose.

Option: Front desk wire – Most companies prefer to have a hardwired unlock button at the front desk, so there needs to be a signal cable run to the front desk from the IT room.

Installing access control panels in server / IT room

Ideally Kisi controllers are mounted on a wall mount wood board at a height of 5 to 6 feet above the ground. There needs to be 2 power outlets for every one Kisi controller. 

All wiring must be secured to the wall with a stable gun or wire tie downs. Ideal compatibility is a drop ceiling.

The Pro Controller needs an ethernet CAT5e or CAT6 cable for data connectivity, a twisted pair power cable and enough space for running up to four door signal cables as well as alarm panels and if needed backup power. More details about this in the next paragraphs.

To give you an idea how a very large installation could look like:

Access Control Panel

Sorry to disappoint, typically it never looks that nice, but just keep it in mind as a goal to strive towards.

 

Power and functionality backup

Very confusing for construction planning to understand are typically the failover power backup systems. Our first advise is always to check if the building has a backup generator for power. That saves all the trouble.  Otherwise for emergency requirements you’d need a 24h backup battery spec’d for the amount of locks you have.

The typical backup battery brand recommendation would be Altronix.

For functionality backup a physical analog backup must be installed in form of manual key override or pin pad.

Connecting fire safety and fire alarm to access control

The fire safety system can be connected with Kisi via dry contacts normally open or normally closed. The fire vendor / architect has to specify emergency push bars where needed. A typical brand used for fire / emergency panels is Bosch.

Starting a new project?
Download our Physical Security Guide

Get the full guide and other great security content from Kisi. 

Download Guide
Kisi Physical Security Guide