Physical Security Audit & Assessment
(From Imtiaz Ahmad Malik, CEO Reichert Security)
The aim of security audit and assessment is to check the security installations, security procedures, missing trails, compliance, desired impacts and effectiveness of the existing security. It is evaluated keeping in view the associated risk levels. Security cannot be planed and glassed with a view “a size fits to all” as every facility, every area would dictate a different security demands in relation to size, equipment, security gadgets, weapons and even the security company to be selected. For example, Reichert Security and onyx security is known for superior guarding (best bodyguards and the bouncers) in Pakistan while HLS, Phoenix, fearless and ADT is famous for providing alarm systems. Some of the companies are renowned for protection of cellular sites like Reman Security and Pacific security.
What is a Physical Security Audit?
Perceptions and Misconceptions of Physical Security Audit and Site Security Audit
There is a difference between Physical security audit and site security audit. Physical security means only those features and procedures need to be audited linked with the protection of people, property and information. Site security audit shall cover all aspects of security including, general area threat assessment, security plan, security manual, security team, physical security, crisis management, emergency responses, training, reviews and improvements.
Security audit is a constant activity which must be done periodically. A one size and one-size-fits-all both strategies do not work here. It can be feasible in the field of clothing or in education or in other field or the industry. Installation of security systems or the quality of guards you have hired last year not necessarily would work this year as well, they may not meet the current standards for protection and reliability. You don’t have to wait until big disaster has taken place to carryout the security audit. For example, fire taken place in a renowned trade center in Lahore and 50 percent of the building was destroyed, damage of millions had occurred. Fire alarm systems and other gadgets have been installed after a considerable damage. So, need not to wait, just carryout the audit of existing security and eliminate the risks without any fail.
A very trained security professionals are available in the market, can be requested to carry out the security audit. Prepare a check list with the security vendor company, identifying the naked security, gaps and other weak links, review the risk levels and try to mitigate the potential risks.
Good and large organizations have dedicated compliance teams, Monitoring and Evaluation teams (M &E) or Monitoring-Evaluation-Accountability and Learning groups (MEAL sections) to perform such activities to keep the things working in a befitting manner. Security experts carry out audit generally once a year however the interval can be reduced or increased keeping in view the change in the security environment.
It is to be remembered that risk assessment is different as compare to security audit. In security audit experts see the naked security (security gaps) in existing physical security whereas risk assessment is altogether different activity. In security audit, working is done on existing and already complied parameters, documents and SOPs.
Threats prevail in the environment. Mangers need to know the nature of business and associated risks. Threats could be many but it must be identified which type of risk could harm their business in relation to physical security. After classifying the risk, mitigation measures should be worked out for the physical security. We observe that under-mentioned threats to different businesses are common.
- Burglary and destruction
- Break-in or robberies
- Data steeling
- Target Killing
- IED Attacks
- Physical attacks
- Terror activities
- Misuse of equipment and vehicles
Access Control (AC) Systems have to be strong for superior protection. Just deploying the security guards on a gate or installing walkthrough gate doesn’t mean that access control protocols have been completed. Access Control is a system which prevent every type of entry which can harm the business. Identification of the risks is not a responsibility of security guard but this is the obligation which has to be performed by the management.
Security breaches generally occure in conjunction with a physical breach of access control.
AC starts from a simple security guard at door and goes to ID badges, walkthrough gates, mobiles, your laptops and even to your daily mails. Checking on AC authorization is imperative. The security audit will help the organization to devise the SOPs to save all the employees and assets from a major disaster. Following may be checked critically. Mechanical and electronic measures (resistance time), Personnel measures (Security Guards), Psychological measures (martial deterrents), Architectural measures (E.g. revolving door etc.).
Barriers and Access Hardening
For hardening the access to the building there could be hurdles to deter the criminals. The same can be Natural and Man-made, for example natural cover could be some river or marshes etc. Man-made barriers can be fences, barbed wire, gates, doors, windows, locks, walls etc. Barriers
are generally planned to discourage illegitimate entries or the access by incident, by force or by design.
Surveillance and detection of unauthorized entries
There are various implements which help to keep the people under-surveillance. One can detect the unauthorized entries very easily even after-hours. Organizations should install the surveillance cameras on each and every entry point of the facility to have extra eye on all unauthorized movements. The same will help in performance of other security protocols. It is to be remembered that extra visibility to the management has paramount importance for the success of the business activity.
Biometric machines and walk through gates can be installed to check and deter the unauthorized entries. To check the weapons and other material which can cause damage to human life can be checked through metal detectors. Use of explosive detector is best to identify any entry with explosive.
Ecological mechanisms and Crime Prevention through Environmental Design (CPTED)
Effective use of built environment leads to have satisfactory feelings being safe and secure. It can reduce the chance of crimes and terror. It can provide the cordial environment for work and live freely. Crime Prevention through Environmental Designs (CPTED) can be applied in existing buildings and in constructions as well. Primarily emphasis of CPTED remains on controlling the crime through creating an environment where social conduct reduces the fear and anxiety of being harm. The atmosphere is developed where conduct of the people is according to the physical environment. This aspect of the physical security forms a setting where only the legitimate activities can take place. Measures should be audited which directly contribute in Crime Prevention Through Environment like organizational policies, checks, reporting systems, the other measures could be mechanical in nature like hardware and technological things such as locks, fencing, biometric etc. Auditors should observe the natural measures as well like all windows and security pickets are cleared from the visibility point of view and nothing is hindering visibility. Make it a point that no tree or the display is obstructing the direct observation. For the purpose lights can be installed and there shouldn’t be any area known as dark spot. Light is great deterrence.
Emergency response Teams and Rehearsals
If team is not well rehearsed and proper emergency response drills have not been carried out, its likely to have irreparable loss when emergency. Therefore, security manager and his team must be ready to tackle any emergency situation. For the purpose physical security measures are to be rehearsed with due diligence.
Managers to look for the technical and tactical gears as well. It may be ensured that alarm systems and other codes are working and re-tested. It has been observed that technical gears stop working due to not having an alternative of electric supply for the gears to work. CCTV cameras are often found not working and do not help in post incident investigation. Always
check emergency response systems. Physical security strategy should include emergency situation planning.
Security Managers are those personnel who are managing the security systems like Chief of Security, Security Director, Security Manager, Supervisor, Security Officer (Security Guard). The best way to manage the system through security vendor. It is essential part of the security audit that security vendor is selected carefully or not. Are the vendor being capable to meet the security needs. Are the credentials of a vendor security company okay, track records, website, other social media presence viz-a-vis ground applications and demonstrations are also pleasing from security perspective. Vendor response capability are to be gauged, quality of training, requirement of the weapons is to be assessed. There could be a choice of having unarmed guards but the ground will dictate or law of the land will guide to take the appropriate decision. If one observes critically, it will be found that few security companies are performing as top-notch security vendors while others trying to make money in which those would be failing too. Hence security vendors have to be selected with all judgements and justifications. During the selection of the security vendor, following must be ensured that security management of the vendor company knows following.
- Physical security of humans and assets.
- Knows the organizational policies in relation to security (Hiring agency can be share) and can implement the same.
- Executive Protection
- Close Protection
e, Risk Assessments
- Guards Security Awareness
- Celebrity Protection and Management (if hiring to protect celebrities /VIPs)
- Workplace Violence Protection
- Event Protection.
- Travel SOPs.
SOPs of COVID-19
SOP on Covid-19 are very important. We pray that things may come to normal situation very soon. Check list of covid-19 be prepared and guards deployed on physical security be briefed.
Lock and Key Systems
A proper SOP of the lock and key system should be devised. Now a days very superior technology has come in the market. The investment in latest gears are not wasted.
During the course of audit, experts may check that fire fighting equipment is complete and workable. Smoke area should be kept at a distance from the petrol dumps and flammable items. Sprinklers should be in working condition.
The building complies with all life safety codes and regulations and no outstanding code violations? (Obtain copy of most recent life safety inspection report). Security auditors are required to check that building has sufficient exits and those are well lit and sign posting complete.
Auditors may look into the electricity arrangements of the building. All security equipment linked with electricity should be powered round the clock. They have to see that alternative arrangements are complete in case there is a load shedding. Auditors may check for the quality of wires used in the electric circuit, for the purpose, he needs to check the annual electricity fitness certificate issued by the electrical Engineer. It is essential that certified electrical engineer may inspect all electric circuits annually (Some of the security experts / electric engineers advise the same activity after each two years). Certificate to that account may be kept in the records.
It would depend primarily on the type and nature of the program or the business operations that walkie-talkie set are required or not. Usually communication is considered essential part of the security audit. During the course of audit, quality of wireless sets, voice quality and range problems are required to be checked. Using of personal mobiles should be prohibited.
If nature of the business involves travelling in hazards area, it’s imperative to identify the route havens. Criteria for selection of route havens is given in the Reichert Security blogs / website.
Trainings and Tryouts
Training is very important to save the life. It is to be seen that all persons associated with the business or using the facility/ building audited have been fully trained and done life saving drills.
This disclaimer informs readers that the views, thoughts, and opinions expressed in the text belong solely to the author, and not to the author’s company or any company individual. The content is written in good faith, and you may not agree with the opinion. Author has the indemnity to any loss/ damage occurred as a result of implementing on the assessments of the author.
Major Imtiaz Ahmad Malik ( R ) Tamgha-i-Basalat , a result oriented Chief Executive of Reichert Security Services (Pvt) Ltd with vast experience at operational and strategic levels in Pakistan Army. Managing international organizations and operations with proven success