A Physical Security Threat, Risk and Vulnerability Assessment involves many stages. The following is a guide to help you prepare to ensure that your assessment can be conducted timely and efficiently.
On Site Inspection
The comprehensive onsite security review will evaluate the current state of the security safeguards and systems in place. It includes a physical inspection of the following: Grounds and Access to Site, Parking, Entrances and Common Areas, Security zones and restricted areas, Access Controls, Electronic Security Systems and any enhanced security countermeasures around critical assets.
How to prepare:
- Designate a point of contact at each physical location that can provide access throughout the site for the review
- Identify an individual that has knowledge of the security systems in place, when they were installed, and how they are currently operated
Interviews
In addition to onsite inspections a Threat, Risk and Vulnerability Assessment includes a review of all aspects of the security program. This includes interviews with relevant stakeholders that focus on how aspects of the company operations touch on or affect physical security. The interviews are conversational. They are short and there is no preparation required for the interviewees.
How to prepare:
Compile a list of relevant stakeholders to be interviewed. The list should include but is not limited to:
- Those responsible for issuing credentials such as building passes, physical keys, and access permissions
- Those with business line responsible for critical assets
- Individuals responsible for reviewing security incident reports
- Property manager or facilities lead on site
- Those responsible for staff security policies
- Those responsible for staff security training
Documentation Review:
The security review includes policies and procedures as well as staff training and awareness. To understand these components, we will review current physical security policies and documentation. This can be conducted virtually.
How to prepare:
Compile a list of physical security documents for review
- Incident reporting (this can include a summary of recent security incidents)
- Staff training policies
- Acceptable use policies for cameras
- Staff onboarding or release documents that relate to issuing or cancelling credentials
- Any other relevant security policies such as guidelines for working remotely
Please contact us if you have any questions or would like to scope a project