Physical Security Audit And Assessment

Major Imtiaz Ahmad Malik ( R ) Tamgha-i-Basalat, a result-oriented Chief Executive of Reichert Security Services (Pvt) Ltd with vast experience at operational and strategic levels in the Pakistan Army. Managing international organizations and operations with proven success

(From Imtiaz Ahmad Malik, CEO of Reichert Security)

Security audit and assessment aim to check the security installations, security procedures, missing trails, compliance, desired impacts, and effectiveness of the existing security. It is evaluated keeping in view the associated risk levels. Security cannot be planned and glassed with a view “a size fits to all” as every facility, and every area would dictate different security demands about size, equipment, security gadgets, weapons, and even the security company to be selected. For example, Reichert Security and onyx security are known for superior guarding (best bodyguards and bouncers) in Pakistan while HLS, Phoenix, fearless, and ADT are famous for providing alarm systems. Some of the companies are renowned for the protection of cellular sites like Reman Security and Pacific Security.

What is a Physical Security Audit?

 Perceptions and Misconceptions of Physical Security Audit and Site Security Audit

There is a difference between Physical security audit and a site security audit. Physical security means only those features and procedures that need to be audited linked with the protection of people, property, and information. Site security audit shall cover all aspects of security including, general area threat assessment, security plan, security manual, security team, physical security, crisis management, emergency responses, training, reviews, and improvements.

A security audit is a constant activity that must be done periodically. A size and one-size-fits-all both strategies do not work here. It can be feasible in the field of clothing or education and other fields or the industry. Installation of security systems or the quality of guards you hired last year not necessarily would work this year as well, they may not meet the current standards for protection and reliability. You don’t have to wait until a big disaster has taken place to carry out the security audit. For example, a fire took place in a renowned trade center in Lahore and 50 percent of the building was destroyed, and damage to millions had occurred. Fire alarm systems and other gadgets have been installed after considerable damage. So, need not wait, carry out the audit of existing security and eliminate the risks without fail.

Very trained security professionals are available in the market and can be requested to carry out the security audit. Prepare a checklist with the security vendor company, identifying the naked security, gaps, and other weak links, reviewing the risk levels, and trying to mitigate the potential risks.

Excellent and large organizations have dedicated compliance teams, Monitoring and Evaluation teams (M &E), or Monitoring-Evaluation-Accountability and Learning groups (MEAL sections) to perform such activities to keep things working in a befitting manner. Security experts carry out audits generally once a year however the interval can be reduced or increased keeping in view the change in the security environment.

It is to be remembered that risk assessment is different as compared to security audit. In a security audit, experts see the naked security (security gaps) in existing physical security whereas risk assessment is an altogether different activity. In a security audit, work is done on existing and already complied parameters, documents, and SOPs.

Threat Perceptions

Threats prevail in the environment. Managers need to know the nature of business and associated risks. Threats could be many but it must be identified which type of risk could harm their business about physical security. After classifying the risk, mitigation measures should be worked out for physical security. We observe that the under-mentioned threats to different businesses are common.

• Burglary and destruction
• Break-in or robberies
• Data stealing
• Fire
• Target Killing
• IED Attacks
• Physical attacks
• Harassment
• Kidnapping
• Terror activities
• Corruption
• Misuse of equipment and vehicles

Access control

Access Control (AC) Systems have to be strong for superior protection. Just deploying the security guards on a gate or installing a walkthrough gate doesn’t mean that access control protocols have been completed. Access Control is a system that prevents every type of entry which can harm the business. Identification of the risks is not the responsibility of the security guard but this is the obligation that has to be performed by the management.

Security breaches generally occur in conjunction with a physical breach of access control.

AC starts with a simple security guard at the door and goes to ID badges, walkthrough gates, mobiles, laptops, and even your daily mail. Checking on AC authorization is imperative. The security audit will help the organization devise the SOPs to save all the employees and assets from a major disaster. The following may be checked critically. Mechanical and electronic measures (resistance time), Personnel measures (Security Guards), Psychological measures (martial deterrents), and Architectural measures (E.g. revolving door, etc.).

Barriers and Access Hardening

For hardening the access to the building there could be hurdles to deter the criminals. The same can be Natural and Man-made, for example, natural cover could be some rivers or marshes, etc. Man-made barriers can be fences, barbed wire, gates, doors, windows, locks, walls, etc. Barriers

are generally planned to discourage illegitimate entries or access by incident, by force, or by design.

Surveillance and detection of unauthorized entries

Various implements help to keep the people under surveillance. One can detect unauthorized entries very easily even after hours. Organizations should install surveillance cameras at every entry point of the facility to have an extra eye on all unauthorized movements. The same will help in the performance of other security protocols. It is to be remembered that extra visibility to the management has paramount importance for the success of the business activity. Biometric machines and walk-through gates can be installed to check and deter unauthorized entries. To check weapons and other materials which can cause damage to human life can be checked through metal detectors. The use of an explosive detector is best to identify any entry with an explosive.

Ecological Mechanisms and Crime Prevention through Environmental Design (CPTED)

Effective use of a built environment leads to satisfactory feelings of being safe and secure. It can reduce the chance of crimes and terror. It can provide a cordial environment for work and living freely. Crime Prevention through Environmental Designs (CPTED) can be applied in existing buildings and construction as well. Primarily emphasis of CPTED remains on controlling crime by creating an environment where social conduct reduces the fear and anxiety of being harmed. The atmosphere is developed where the conduct of the people is according to the physical environment. This aspect of physical security forms a setting where only legitimate activities can occur. Measures should be audited which directly contribute to Crime Prevention Through Environment like organizational policies, checks, and reporting systems, other measures could be mechanical like hardware, and technological things such as locks, fencing, biometrics, etc. Auditors should observe the natural measures as well like all windows and security pickets are cleared from the visibility point of view and nothing is hindering visibility. Make it a point that no tree or display is obstructing the direct observation. For this purpose lights can be installed and there shouldn’t be any area known as a dark spot. Light is great deterrence.

Emergency response teams and Rehearsals

If a team is not well rehearsed and proper emergency response drills have not been carried out, it’s likely to have an irreparable loss when an emergency. Therefore, the security manager and his team must be ready to tackle any emergency. For this purpose, physical security measures are to be rehearsed with due diligence.

Managers to look for the technical and tactical gears as well. It may be ensured that alarm systems and other codes are working and re-tested. It has been observed that technical gears stop working due to not having an alternative of electric supply for the gears to work. CCTV cameras are often found not working and do not help in post-incident investigations. Always

check emergency response systems. Physical security strategy should include emergency planning.

Security Vendors

Security Managers are those personnel who are managing the security systems like the Chief of Security, Security Director, Security Manager, Supervisor, and Security Officer (Security Guard). The best way to manage the system is through a security vendor. It is an essential part of the security audit whether the security vendor is selected carefully or not. Is the vendor capable of meeting the security needs? Are the credentials of a vendor security company okay, track records, website, and other social media presence viz-a-vis ground applications and demonstrations are also pleasing from a security perspective. Vendor response capability is to be gauged, quality of training, and requirements of the weapons are to be assessed. There could be a choice of having unarmed guards but the ground will dictate or the law of the land will guide to take the appropriate decision. If one observes critically, it will be found that few security companies are performing as top-notch security vendors while others trying to make money in which those would be failing too. Hence security vendors have to be selected with all judgments and justifications. During the selection of the security vendor, the following must be ensured that the security management of the vendor company knows the following.

1. Physical security of humans and assets.
2. Knows the organizational policies about security (Hiring agency can be shared) and can implement the same.
3. Executive Protection
4. Close Protection

Risk Assessments

1. Guards Security Awareness
2. Celebrity Protection and Management (if hiring to protect celebrities /VIPs)
3. Workplace Violence Protection
4. Harassment
5. Event Protection.
6. Travel SOPs.

SOPs of COVID-19

SOP on Covid-19 is very important. We pray that things may come to normal situation very soon. Check list of covid-19 be prepared and guards deployed on physical security be briefed.

Lock and Key Systems

A proper SOP for the lock and key system should be devised. Nowadays very superior technology has come into the market. The investment in the latest gears is not wasted.

Fire Fighting

During the audit, experts may check that fire fighting equipment is complete and workable. Smoke areas should be kept at a distance from the petrol dumps and flammable items. Sprinklers should be in working condition.

Life Safety

Does the building comply with all life safety codes and regulations and has no outstanding code violations? (Obtain a copy of the most recent life safety inspection report). Security auditors are required to check that building has sufficient exits and that those are well-lit and signposted completely.

Supply Power

Auditors may look into the electricity arrangements of the building. All security equipment linked with electricity should be powered round the clock. They have to see that alternative arrangements are complete in case there is a load shedding. Auditors may check for the quality of wires used in the electric circuit, for this purpose, he needs to check the annual electricity fitness certificate issued by the Electrical Engineer. It is essential that certified electrical engineer may inspect all electric circuits annually (Some of the security experts / electric engineers advise the same activity after every two years). A certificate to that account may be kept in the records.

Communication

It would depend primarily on the type and nature of the program or the business operations that walkie-talkie sets are required or not. Usually, communication is considered an essential part of the security audit. During the audit, the quality of wireless sets, voice quality, and range problems are required to be checked. Using personal mobiles should be prohibited.

Route Havens

If the nature of the business involves traveling in hazardous areas, it’s imperative to identify the route havens. Criteria for the selection of route havens are given in the Reichert Security blogs/website.

Training and Tryouts

Training is very important to save life. It is to be seen that all persons associated with the business or using the facility/ building audited have been fully trained and have done life-saving drills.

Disclaimer

This disclaimer informs readers that the views, thoughts, and opinions expressed in the text belong solely to the author, and not to the author’s company or any company individual. The content is written in good faith, and you may not agree with the opinion. The author has the indemnity to any loss/ damage occurred as a result of implementing