Conducting a physical security risk assessment is an important part of any organization’s risk management framework. When you consider who and what you need to protect, where your vulnerabilities are, and the most effective way to mitigate your risk, you’re heading in the right direction.
You can’t always know where the next threat will come from, but by conducting a risk assessment, you can prevent a lot of headaches before they even happen.
To get the most value out of a physical security risk assessment, there are a few things you should know. Missing key details can leave you vulnerable, and unaware of the hole in your defense system until it’s too late.
A security site assessment (or physical security risk assessment) is a comprehensive evaluation conducted by a security professional.
It typically includes an inventory of the assets to be protected and recommendations on how best to protect them.
A strong physical security risk assessment will consider how to protect from external threats, natural disasters, and internal damage.
A risk assessment is appropriate for nearly any organization, from schools and corporate headquarters, to sporting arenas, convenience stores, manufacturing plants, and municipalities.
Targeted violence is on the rise, and any organization can be at risk.
Interpersonal and domestic conflict is human nature, and those issues can spill over to the workplace. In addition, neighborhoods can change, or an organization may move locations. Those are all important reasons to do a risk assessment of physical security concerns.
There are likely areas in your facility that are unprotected and leave you at risk. Areas you look at every day could be a problem, and you may not even realize it. Something that may be obvious to a security expert – like an unprotected door latch bolt – is easy for a building owner to overlook.
With that in mind, here are five benefits of being proactive about a physical security risk assessment:
In the case of litigation, that last point is extremely important. Foreseeability is now part of the conversation when it comes to corporate or school security and liability. In essence, foreseeability breaks down into two basic questions:
You’ll need to be prepared to answer those questions if there’s an incident at your facility. The plaintiff’s lawyer has the right to call in your security consultant and ask him or her to provide proof of a security assessment and your response to their recommendations. They’ll even dig into the background of your consultant to see if they’re a qualified expert in their field.
This is one very good reason to hire a reputable security firm with extensive experience.
First, determine what areas you will focus on.
Does your organization have multiple sites or buildings? Which assets and sensitive areas are most critical? This could be your main entrance, lobby or reception area, pharmacy, teller lines, data rooms or records. Clarify your organization’s objectives, stakeholders, and deliverables up front so your security teams can align on priorities and a realistic timeline.
Next, select a physical security solutions provider who can collaborate with you throughout the project.
Do your due diligence to ask them about their experience, references, and relevant certifications.
Ask about their process and how they integrate security with construction and operations. If ballistic barriers are likely, engage our team early as the weight, framing, HVAC, and aesthetics affect construction and cost.
Follow these guidelines for evaluating a potential partner to ensure you’re hiring the best one.
Work with your consultant to identify threats, including crime patterns, natural disasters and severe weather, neighborhood change, and mission-specific concerns, such as cash handling or personal health information. This is your early threat assessment that informs later risk rating and risk management decisions.
Flag regulatory requirements and physical security standards that apply.
These may include:
Tie recommendations to the right standards so you ensure compliance and avoid over- or under-building.
This video will help you understand the UL 752 levels of bullet-resistance and determine which level you need for your building.
Start at the outer perimeter. Focus on parking, lighting and guard booths if you have any. These are common areas where you have an opportunity to start an attacker before they breach your building.
Then, move to main entrances, including doors, exterior windows, lobbies and reception areas. You’ll also want to consider any existing security cameras, alarms and intercoms.
Next, focus on the inner layers, including stairwells, corridors, and specific suites or offices where you may need additional executive protection.
Audit access control systems, cameras, alarms, visitor logs, monitoring, and policies. Confirm coverage, uptime, and response. Verify processes for revoking access for former employees and least-privilege rules for sensitive data and sensitive areas.
Each phase of security should get stronger as you get inside the next layer. The goal is to have highly-hardened areas where people are frequently present.
People notice things systems miss. Short interviews or surveys often surface security concerns, such as dim parking, tailgating or unsecured counters. Use this to validate potential vulnerabilities and to prioritize protective measures that make employees aware and confident.
Correlate potential threats with what was observed to assign a risk rating that accounts for both probability and impact.
This turns findings into informed decisions about risk remediation so you can focus on:
The end result should be a detailed report that explains your security posture and gaps.
It should include floor-plan markups of weak points and a prioritized plan with costs, phasing, and compliance notes and product-agnostic specs or sample reports so stakeholders can compare options.
Having the team that worked with you on the assessment guide implementation reduces missteps. Our team has developed a proven process that includes assessing your threats, planning cost-effective upgrades, and designing, fabricating and installing them.
This reduces hand-offs between vendors and minimizes unexpected change orders or delays.
It ensures your physical security controls integrate seamlessly with your design and fit your budget while meeting regulatory compliance.
It’s always best to be proactive instead of reactive when it comes to keeping people safe.
A risk assessment is your chance to get ahead of potential threats and prepare for potential disaster. It is one of the most effective ways to protect your employees and your business.
There’s also an incentive to provide peace-of-mind to the people you’re protecting.
People who feel safe perform better. If you are considering how your own facility may be vulnerable to ballistic threats or forced entry events, then bulletproofing your security may be the right answer.
For more information, download our risk assessment template. Or, if you’d like to talk to one of our security experts about how to harden physical security for your facility, schedule a consultation with us.
We can give you our genuine advice about what is best for your organization’s security.