A Guide To Physical Security Risk Assessments

The decision to harden the physical security of your building can bring up many questions: What are our biggest risks? Where are we most vulnerable? What should we fix first? Physical security risk assessments can answer these questions and put building owners and operations managers on a path toward greater safety and peace-of-mind.

What Is A Security Site Assessment?

A security site assessment or physical security risk assessment is an evaluation conducted by a security professional that includes an inventory of the assets to be protected, as well as recommendations on how best to protect them. They’re appropriate for nearly any organization –from schools to corporate headquarters, to sporting arenas, manufacturing plants, and municipalities.

Why Have A Physical Security Assessment?

A security assessment identifies your problems and their respective solutions.

A security professional can conduct a physical security assessment at your building to determine:

  • Greatest threats to people and property
  • Gaps or areas you’ve overlooked
  • Priority items to tackle right away

Knowing these things will help you prioritize, budget, and implement the right security solutions.

Bill Cousins, the founder of WJ Cousins & Associates, provides a full range of security investigation, protection and litigation consulting services to individuals, corporations, law firms, and government agencies worldwide. Cousins is a seasoned security professional with nearly forty years in the business including 22 years as a United States Secret Service Agent.

He explains how eye-opening a security assessment can be for his clients:

“Things you look at every day could be a problem but you don’t even realize it. Something really obvious to me -like an unprotected door latch bolt–is an easy miss for a building owner. We walk through and show you what’s in your blind spot so it can be corrected.”

Cousins says it’s important for facility owners, who are responsible for the health and safety of everyone in their buildings, to be proactive and understand their risks:

“Owners are exposed to civil liability if something happens, like a hold up in their parking lot during which an employee is hurt or killed. Obviously, that’s a tragic situation. And if litigation ensues, that building owner will have to provide proof that they had the appropriate physical security plans, protocols and equipment in place and that they did due diligence to protect that employee.”

Foreseeability is now part of the conversation when it comes to corporate or school security and liability. In essence, foreseeability breaks down into two basic questions:

  1. Would a reasonable person be able to foresee that this event was to occur?
  2. What did the organization do to mitigate or prevent it?

You’ll need to be prepared to answer those questions if there’s an incident at your facility.

If there’s a lawsuit, counsel might even call in your security consultant and ask him or her to provide proof of a security assessment and your response to their recommendations. They’ll even dig into the background of your consultant to see if they’re a qualified expert in their field.

“Your expert needs to have a sizable resume and deep experience conducting these assessments and making sound recommendations,” Cousins advises, “What they recommend needs to be able to hold up in court.”

Begin reading the Ultimate Guide to Non-Profit Security Grants

Who Needs Physical Security Risk Assessments?

This is a pretty simple answer: any building, of any size, that is open to the public and houses employees or students.

“No matter what you provide as an organization, you have to protect your people. People naturally come with domestic issues. Those issues spill over into the workplace and can cause violence,” explains Cousins.

In fact, targeted violence is on the rise and any organization can be at risk.

“It’s becoming more ubiquitous. It used to be that we focused on assessments for government and financial institutions. But more corporations are reaching out to us as they have noticed a risk in both internal and external threats to their locations. This is step one in the process of increasing safety.”

Another signal that it may be time for an assessment is a move of any kind. For example, when a business moves from the suburbs to the city.

“Have a security expert take a look at the crime reports and activity patterns for the surrounding neighborhood area and then take an all-hazards approach to your safety planning. Moving is just one instance, but any time is a good time to have a security assessment.”

Choosing A Security Consultant or Firm

There are many firms out there that advertise themselves as experts, but be warned: not all security pros are legitimate. Cousins advises a ‘buyer beware approach’ and to do your homework.

Make sure you look at their:

  • Education and training
  • Associations and certifications (such as a board-certified PSP from ASIS International)
  • Experience in the industry
  • References, reputation, and reviews

It’s also a good idea to consider their area of expertise. If you’re securing a school, you’ll want to work with an expert who has an extensive portfolio of work in educational facilities, such as Safe Havens International.

And then there are special cases, as Cousins explains:

“I’ve secured all types of buildings from hotels to churches to stadiums. But when you get into the chemical industry or nuclear facilities, that’s a separate level of FEMA and NRC requirements so I’d recommend that you find a specialist to conduct those assessments.”

How Are Physical Security Risk Assessments Conducted?

Each consultant or firm will deploy a different methodology, but most security professionals take a layered or a 360-degree approach, starting at the outer perimeter of the facility. This includes, but is not limited to the surrounding neighborhood and the fence line. Then, the consultant would assess the middle perimeter layer including elements like parking areas, lighting, cameras, windows, doors and alarm systems. Finally, the inner perimeter is assessed including access control points, scanners, and inner rooms, stairwells, and hallways.

“Each phase of security should get stronger as you get inside the next layer. The goal is to have the highly-hardened areas where people are present,” says Cousins.

Your consultant should also look at crime data in the area, the presence of local law enforcement and conduct interviews with building management and key personnel:

“We ask them what they’re worried about. Sometimes people will say ‘staying late at night by myself in the building’ or ‘walking to my car in the parking structure.’ We take that all into account when making our recommendations.”

What Is The Output?

After your assessment is conducted, you’ll get an in-depth report with an executive summary that outlines observations, as well as specific recommendations for your facility. Cousins explains:

“The reports are extremely detailed. They’ll go into specifics –from the content of the employee interviews to the observations about your lighting outside. The recommendations may be as simple as replacing some locks or complex as installing bulletproof barrier systems. There’s a lot of information to consume in the report and your consultant should walk you through all of it.”

Your consultant should also have a plan for how to help you with the implementation of the recommendations.

“I typically write the recommendations and provide you with a list of people who I feel are certified experts, including locksmiths, access control experts, etc. Some clients choose to retain me to manage the projects to completion, others have their operations team do it, it’s really up to them,” says Cousins.

Finally, there may be recommendations made for employee training, such as active shooter response or workplace violence prevention, as well as future follow up from the security consultant.

Cousins concludes:

“It’s always a good idea to have the security professional follow up with you to make sure the implementation is going smoothly and that your goals are being met. There may also be a need for him/her to sit with your legal counsel, HR or facility managers to update employee protocols so that everyone can get on the same page.”

Considering Your Own Physical Security Risk Assessment

It’s always best to be proactive vs. reactive when it comes to keeping people safe.

Cousins explains, “Think of it this way, the assessment is your chance to get out ahead it, cover yourself, protect your employees and your business before something happens. It’s hard to put a price on that”

There’s also an incentive to provide peace-of-mind to the people you’re protecting:

“When people feel safe they perform better -whether they’re students at school or employees at a large corporation.”

Finally, make sure your consultant is not only qualified but keeping up on the latest security threats, vulnerabilities, and solutions.

Cousins, with close to four decades in the business, says look for pros who believe in continuous learning:

“I take what I learn on every single assessment and add it to my toolbox for the next one. I’m always learning and that gives my clients an edge.”

Begin reading the Ultimate Guide to Non-Profit Security Grants

Back to Blog