The 4-Step Physical Security Audit

<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >The 4-Step Physical Security Audit</span>

Nov 18

Nov 18


The 4-Step Physical Security AuditEvery year, organizations around the globe spend a total of more than $100 billion on physical security technologies. Their goal, of course, is to restrict access to people, facilities, products, and other assets. But are the systems you install actually getting the job done?

Related: 6 Threats to Consider Before a Physical Security Audit

As a value-added reseller, it is vital for you to have a full understanding of each customer’s physical security position. Is the organization vulnerable to threats that have been unaccounted for? Is the organization spending unnecessary amounts of money on unneeded features? Do its employees understand how to leverage the technology effectively, both during an emergency and on a day-to-day basis?

To begin answering these and other key questions, consider conducting a quick security audit of each customer’s facility. With new customers, the audit should occur during the early stages of your work. For existing customers, be sure to offer regular security audits so that they can rest assured that their technology is still being used to its full potential and they are accounting for all potential security threats.

Physical security audits can be lengthy, highly involved processes, depending on the size of your customer’s facility, the surrounding environment, potential risks, and other factors. But most audits have several common themes. Knowing the key elements of an audit is a good place to start, and then you can adjust your audit for each customer.

To get started, follow these four steps:

1. Examine the physical layout of the facility.

  • Does the layout create places to hide?
  • Is there enough lighting to illuminate key areas?
  • Is landscaping creating places to hide or providing roof access?

2. Note the number and location of all access points.

  • Do employees and visitors go through a single security checkpoint, or are there multiple access points?
  • Are doors, gates, elevators, and other points secured using electronic access control technology?
  • Are windows closed and locked or otherwise secured?
  • Are all access points illuminated?

3. Consider the use of security guards.

Does the organization currently employ guards?

If so, are they utilized effectively to control access, make rounds, and respond to security incidents?

If not, would adding security guards be a good option for improving security?

4. Investigate the effectiveness of the facility’s current physical security technology.

  • What credentials are required for gaining access to the facility? Are employees using the access control system as intended?
  • How is visitor management handled? During a security incident, would the organization have insight into which visitors are currently on site or were during a particular time?
  • When employees quit or are fired, what happens to their keys or access cards?
  • If the organization uses PIN codes for secure access, how often are they changed?
  • Are the facility’s and the building’s perimeters adequately covered by surveillance cameras?
  • Do exterior cameras provide usable footage both day and night?
  • Are access points, stairwells, and other key areas secured by cameras?
  • Are cameras monitored? How long does the customer retain the footage?
  • During a security incident, how are security personnel notified of the unauthorized activity? Is the current protocol/system enabling a fast and effective response?
  • If security gaps exist, would it be more cost-effective to add cameras or other technologies, invest in security guards, or a combination of the above?

Do you typically conduct a full audit with each new or returning customer? What elements do you prioritize when conducting a security audit?

Topics: VAR How Tos

Unlocking New Potential: The Future of Access Control