Security Policies

By now, it’s obvious that office security is one of the most important issues facing the modern workplace. But actually figuring out how to build a comprehensive workplace security policy can seem almost impossible to business owners and managers, especially for those who aren’t familiar with industry jargon or safety developments. Thankfully, it’s quite easy to get started on this process with the right tools. Before you start drafting a policy, it’s worthwhile for you to gain an understanding of the various aspects of office security. After that, you can start getting into specifics, including physical security, access control and alarm systems.

Understanding Workplace Security Policies

Having a workplace security policy is fundamental to creating a secure organization. No matter your business, area of expertise or company size, your operation can and will benefit from having a solid, clear security policy in place. This policy should outline your company’s goals for security, including both internal and external threats, which, when enforced, can help you avoid countless security issues. An effective policy will outline basic rules, guidelines and definitions that are standardized across the entire organization. For example, you can include rules for wearing ID badges at all times, information about how to make an acceptable password and outlines for mandatory security awareness training, laying out the measures that you’ll use to ensure both digital and physical security.

Digital Security

Improving office cybersecurity is an easy first step to take when you’re trying to protect your office. This category is all about software, data and any other non-physical, but still important, aspects of your business. Start by securing your network and investing in your own servers, which provide you with your own secure network and can range from small and cheap to massive, expensive devices. Use only what you need. Educate your employees on digital best practices, including how to create strong passwords for their online accounts and how to avoid phishing emails.

A good WiFi network can also keep some of your physical security systems online, meaning that you’re never without the protection that they provide. If you invest in an access control system, which will be explained below, you need a reliable network that will allow security devices to communicate quickly and authenticate identities with no issues. With the right setup, digital security can and should be the least of your office safety issues.

Physical Security

The largest and arguably most important aspect of workplace safety is physical security. This category encompasses a great deal of disparate parts, including protection from fires, employee safety regulations, and anti-theft measures. In short, it’s your first line of defense between you and disaster. A comprehensive physical security plan is very important because it will reduce liabilities, insurance claims, closures and other security expenses that hurt your bottom line. Your physical security policy should outline employee access, identity authentication, facility requirements and alarm systems, among other details.

Every server, data storage, customer data, client contract, business strategy document and piece of intellectual property is susceptible to destruction and theft from physical threats. If an intruder or fire is able to reach the important parts of your facility, including server rooms and secure files, those assets could be compromised, meaning a physical security policy is critical for control over your company’s assets and amenities. The main benefits of a physical access control policy include the protection of people and property, reduced risk, fewer financial losses and improved business continuity and recovery in the case of disaster. Physical security isn’t a luxury; it’s a necessity.

Access Control

The best way to improve physical security, hands down, is by implementing an access control system (ACS). Access control, in short, is a way of managing who is allowed to enter spaces or gain access to amenities within your facility. It may sound simple, but it’s so much more than simply unlocking doors. With the right system in place, you can manage almost every facet of physical security, including authenticating employee identities, allowing visitor access, setting alarms, avoiding incorrect use and controlling who can access certain floors using an elevator. Access control gives you the power to manage almost any physical aspect of your facility.

There are four major classes of access control that are commonly accepted in modern-day office policies: mandatory, discretionary, role-based and rule-based. Mandatory access control (MAC) assigns a certain level of clearance to users, protecting assets based on clearance. Discretionary access control (DAC), on the other hand, does the same thing, but on an individual level for every protected resource. Role-based is like a mix of MAC and DAC, assigning a level of access to users based on their job title or department. Rule-based uses, well, rules instead, determining access based not on identity but on the method of access being performed.

Normally, there are five major phases of access control procedure: authorization (granted or denied), authentication (identity verification), accessing (entering a space), management (controlling access) and auditing (making sure everything is going well). The criteria, conditions and processes that need to be implemented in each of those access control phases are known as a unified access control policy.


The basic elements of an ACS are badges, which hold user ID numbers, and card readers, which grant or deny access based on those badge numbers. You need a card reader at every point you wish to protect, plus a connected method of opening and closing the door or other access gate. From there, you can customize your system to make it work more effectively for your space. To add extra layers of authentication, consider installing signature tablets or cameras for video verification, both of which make it harder for anyone to use someone else’s credentials.

You can also add alarms to your ACS, which improves your physical security even more. These alarms check for dozens of different threats, from natural disasters to intruders. Many companies add smoke detectors to their access control system to protect against fires throughout their facilities. To avoid break-ins, you can hook up motion detectors for secure spaces, which are triggered if anything moves. Other alarms include ones for when a badge has been swiped too many times at the same reader, when a card is swiped to enter a space twice before being swiped to exit it, and when a door has been held open for too long. Better yet, you can choose when you want to arm them and when you want to silence them, controlling all of it from your smartphone or desktop.
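The three badge and door alarms described above (too many swipes at one reader, a second entry swipe with no exit in between, and a door held open too long) can be written as rules over an event log. This is an added example, not code from Kisi or any access control product; the event format, alarm names and thresholds are assumptions, and the log is constructed.

```python
from collections import defaultdict, deque

# Thresholds are assumptions for illustration; the page gives no values.
MAX_SWIPES = 3         # swipes allowed per badge at one reader ...
SWIPE_WINDOW = 60      # ... within this many seconds
HELD_OPEN_LIMIT = 30   # seconds a door may stay open

# Constructed sample log: (time_s, kind, door, badge)
EVENTS = [
    (0, "in", "lobby", "B100"),
    (2, "open", "lobby", None),
    (8, "close", "lobby", None),
    (300, "in", "lobby", "B100"),    # second entry, no exit in between
    (302, "open", "lobby", None),
    (350, "close", "lobby", None),   # open for 48 s
] + [(400 + 5 * i, "out", "server", "B200") for i in range(4)]

def detect(events):
    """Return (time_s, alarm, door, badge) tuples for the three rules."""
    alerts = []
    inside = set()                # (badge, door) pairs currently inside
    swipes = defaultdict(deque)   # (badge, door) -> recent swipe times
    opened_at = {}                # door -> time it was first opened
    for t, kind, door, badge in sorted(events, key=lambda e: e[0]):
        if kind in ("in", "out"):
            key = (badge, door)
            recent = swipes[key]
            recent.append(t)
            while recent[0] <= t - SWIPE_WINDOW:   # drop swipes outside window
                recent.popleft()
            if len(recent) > MAX_SWIPES:
                alerts.append((t, "repeated_swipe", door, badge))
            if kind == "in":
                if key in inside:                  # entered twice without exit
                    alerts.append((t, "double_entry", door, badge))
                inside.add(key)
            else:
                inside.discard(key)
        elif kind == "open":
            opened_at.setdefault(door, t)
        elif kind == "close":
            start = opened_at.pop(door, None)
            if start is not None and t - start > HELD_OPEN_LIMIT:
                alerts.append((t, "held_open", door, None))
    end = max((e[0] for e in events), default=0)   # doors never closed
    alerts += [(end, "held_open", d, None) for d, s in opened_at.items()
               if end - s > HELD_OPEN_LIMIT]
    return alerts

print(detect(EVENTS))
```

A door that is never closed is only flagged relative to the last event in the log, so a live system would evaluate the held-open rule on a timer instead.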

Security Breaches

Unauthorized access can be gained by outsiders as well as by in-house cardholders, and both can be detrimental to your security system. Both physical access to a building by a stranger and entry to a server room by a staff member without proper permission are examples of unauthorized physical access. Although a security system may have a few other loopholes, unauthorized access is most commonly granted thanks to weak doors, unencrypted access cards, lost or stolen keys, unlocked doors, masked or disabled alarms and tailgating, which is when unauthorized people follow behind an authorized user.

Any of the above methods creates a security gap that can be leveraged by smart intruders. Because of a breach, companies may be subjected to theft of devices and equipment, compromising of electronic information and identity theft. What’s more, the lives of your employees or coworkers can be endangered too. Therefore, it is important that a company addresses any of the existing loopholes and prevents possible threats.

Breach Prevention

First and foremost, you need to define how unauthorized access could occur at your building and develop a program aimed at eradicating any possible loopholes. Different levels of security prevent unauthorized access, and a robust ACS, employee control and emergency response help prevent unsanctioned access to facilities, devices and information. Develop an emergency plan and train employees to troubleshoot possible security issues and report any suspicious behavior they notice. It’s important to remember that safety starts with a physical security plan, and by implementing measures aimed at preventing unauthorized access, you can protect your assets, information and personnel from internal and external security threats which otherwise might have a detrimental impact on your business.

Beyond including an access control system and alarms, you should also look into installing other pieces of hardware that keep your facility safe from harm. Begin with perimeter security, making sure that you’re using fences, gates, guards and video surveillance around the perimeter. Security lighting is a very important aspect of a robust workplace security plan. It’s not only helpful for your surveillance system, but also useful for manual guarding. Require ID cards for everyone entering the premises, including visitors, contractors and all personnel. Conduct background checks on all employees before onboarding them. Make sure you have a new hire forms checklist that lets you verify your new employee’s work eligibility. Use cable locks for computers in order to prevent theft of smaller electronic devices. You should also lock up sensitive files, hard drives and other information in safes or drawers.

OSHA Regulations

The Occupational Safety and Health Administration (OSHA) is a government agency that outlines workplace safety guidelines and standards intended to protect workers from all industries and occupations. Compliance with the agency’s standards is required under the law, but even the suggested OSHA guidelines are a valuable part of a physical security plan that will keep your employees healthy and able to work.

Your specific requirements are regulated by industry, but you should hew as close as possible to both OSHA’s guidelines and requirements to avoid lawsuits and optimize safety procedures. Common measures include mandatory health and safety training, proper fire safety measures and functioning ventilation systems. Failure to adhere to these standards is a missed opportunity to improve your office’s physical safety. Look on the OSHA website to find out your specific requirements and guidelines.

Performing a Security Audit

By taking a big-picture look at your office, you’re more likely to catch flaws in your system and make decisions that will improve the safety of everyone and everything in your facility. From installing an effective access control system to implementing brand new security procedures, there is always an improvement to be made. Each business will be unique in its specific requirements and needs, so use this guide as a starting point. For easy use, you can also download Kisi’s very own physical security audit checklist as a PDF.

The preparation of a workplace security checklist should be a detail-oriented audit and analysis of your workplace security system dealing with personal, physical, procedural and information security. You should start with access security procedures, considering how people enter and exit your space each day. You can make this process easier by contacting security consultancy organizations or companies to get the ball rolling on a customized workplace security checklist for your company. Start with these actions and add or take away more as needed. You should also consider the frequency with which you perform them.

  • You have a documented workplace security policy covering the physical security aspects of your facility.
  • Access to your building is restricted and monitored.
  • All key access points, especially entry and exit points, are monitored either manually or electronically.
  • For facilities with an ACS, ID-based access control is in place.
  • You maintain a visitor record or register.
  • Employees are easily identifiable due to badges or other visual forms of ID.
  • Access cards, fobs and passwords are highly secure, and you use multiple forms of authentication.
  • Your surveillance system, lights, and alarm system are all up to date and properly installed.
  • Customized systems are also maintained.
  • You check your access control, surveillance and lighting systems regularly.
  • A testing record is available for review.
  • All documents related to physical access control procedures are updated and readily available to administrators.
  • Workplace staff is trained for emergency egress.
  • Your office meets the correct OSHA industry standards.
Draft a Policy

Now that you’re familiar with the ins and outs of office security, both digital and physical, you can start putting together your very own company security policy that will allow you to keep an eye on all the pieces of your system. With the results of the audit, list out everything that you do well and everything that you should improve upon. Now, considering every aspect of your facility’s overall security, from huge to tiny, start writing your policy. You can edit and condense once you’ve written everything down, so don’t worry about getting it right on the first try.

It’s better to include too many things than to include too few, so try to include everything you can imagine. There are a few necessary elements, however. A security system maintenance and improvement plan is important because it’ll make your workplace healthier and safer in the long run. Your security policy and operational procedures are must-haves, and should probably be the longest piece of the document. A data management and privacy policy will protect your digital safety. With one security audit under your belt, you can now make a customized checklist for the next one.

You’re now officially on the way to making your workplace safer and more secure. By using an access control system, performing an audit on your existing policies and drafting a physical security plan, you’re laying the best possible groundwork for a long and safe future for your business and your employees. When it comes to safety, doing more is always better.