Physical Security Audits and Assessment – Issues and Concerns that it can uncover

Aug 22, 2018 | 2698 Views

Physical Security Audit

A Physical Security Audit is a physical examination and assessment of the security frameworks, controls and parameters in a specific property, resource or an entity. By and large, it is the procedure of leading an inspection and detailing the inspection results relating to the physical security at a specific establishment.

Physical Security Audit covers the approaches, fencing, entry/exit points at the perimeter, movement areas, parking areas, manual access controls, passages, docks and lighting at the building access and senior officials, resources and control rooms in the innermost secure area.

It is a comprehensive process conducted on the prerequisites laid down by the security experts and the standard working procedures laid down at an entity. A wide range of physical security frameworks introduced for a specific work area security, are analysed while conducting a physical security audit.

Significance of Physical Security Assessment

There are many types of dangers to the assets, resources, data and confidential information that can result in a pulverization of an entity. These dangers can strike through a physical interruption. The physical security frameworks need to be dynamic, compelling and raise an alarm consistently and this can be accomplished by doing the regular physical security Assessment. Security Assessment enables you to discover the defects and deficiencies in the security frameworks so that you can you can come up with the counter measures to prevent the foreseen eventualities. A robust security framework is important to shield your business and vital information.

Physical Security audit and Physical Security Assessment

Both the physical security audit and physical security assessment seem to be similar at a first glance, however,  these two have differences. In a physical security audit, the accessibility, usage and upkeep of the security frameworks is appraised, while the physical security assessment assesses the level of execution of the security approach of an entity with the assistance of multiple security controls.

Security audit finds the security gaps and provisions in the current security; the security assessment thinks about the security in the current framework and the requirement for a whole new framework as well. In this way, we can state that the security assessment process is considerably more wide compared to the security audit.

The significant issues that a physical security Assessment can reveal
Physical security Assessment can reveal various issues related to an entity's security. A thorough security framework may incorporate many security control aspects like human gatekeepers, physical locks, smart locks, fencings, CCTV framework, lighting, alert frameworks, stock controls etc.. A physical security assessment discovers the security holes in the security arrangement at the entity, that are revealed not only through a visual assessment but also through an operational exercise. The principal issues revealed by a physical security assessment may include:
 
  • Lack of an appropriate follow-up on the security approach by the top administration to execute it in a genuine spirit.
  • Poor inspiration, supervision and observation of the security personnel employed, temporary workers, an ill-advised adherence to the security arrangement strategies.
  • Low level of safety measures and thoughtfulness amongst the security representatives about the important resources in an organization, i.e.personal computers, furniture, office equipment, workstations, processes and many other assets.
  • The security representatives and the security staff are not aware and prepared about the security strategy, approaches to the resources, working with the resources and resources leaving the organisation.
  • Poor control over the visitors to the organization and workers is another issue found in security Assessment. Many workers either escort their visitors or don't make the required entries in the guest registers/visitor management system. 
  • Security screening of a contractual worker is another basic issue found in the physical security assessment. Many persons working temporarily are not completely screened.
  • The absence of a secure provisioning of the archives inside and outside the organization premises is another issue generally found lacking in the security Assessment.
  • Skilfully observing an electronic security framework is another issue because of unskilled staff who are using the framework.
  • The consistent testing, upkeep and observation of the security equipment in the focus areas isn't done according to the laid down policy.
  • Inadequate lighting inside and outside the building, courtyard area, barriers is another critical issue normally featured in the security Assessment.
  • Intrusion recognition frameworks, fire caution frameworks, CCTV observing frameworks and other frameworks are not appropriately used according to the security policy to keep them fully effective.
At what point is a Physical Security Assessment required?
The prerequisite of physical security assessment depends upon the entity, territory, direction, principles and industry compliances. In most basic entity cases the security assessment is done every year; the security level audit is often done half-yearly or quarterly in more sensitive entities. 
The security assessment needs to be conducted as per the standards and directions of the specialists and the business's accepted procedures.

How to Lead the Security assessment?
For making a beginning with the physical security assessment, you need to take the following steps:
  • Assess the physical security risk level
  • Plan an appropriate control to mitigate the risk
  • Devise the security and  administration processes
  • Implement the controls according to the laid down processes
  • Manage the controls as per the security administration policy
  • Audit and evaluate the security level regularly after the defined period
  • If you discover any issues, take the corrective action
Focusses to Consider in a Physical Security Assessment
There are many issues that should be considered in the physical security assessment agenda. Every issue needs to be considered with its sub-issues. The critical points in the workplace security checklist are:
  • Management approach
  • Physical Security approach
  • Risk audit
  • Access control
  • Staff security
  • Data security
  • Emergency response
  • Rapid Reaction
  • Technology considerations
NOTE: Every one of the above points in the security audit needs to be additionally elaborated with an analysis of that specific point.

Conclusion
Physical security audit and assessment is an extremely significant factor in protecting the assets and the employees of an organization. Without a proper arrangement of physical security audit and assessment, it is exceptionally difficult to oversee an organization's security without exposing it to a very high risk.