Conducting a physical security risk assessment is an important part of any organization’s risk management framework. When you consider what you would like to protect, where your vulnerabilities are, and the most effective way to mitigate your risk, you’re heading in the right direction. You can’t always know where the next threat will come from, but by utilizing risk assessments, you can prevent a lot of headaches before they even happen.
To get the most value out of a physical security risk assessment, there are a few things you should know. Missing key details can leave you vulnerable, and unaware of the hole in your defense system until it’s too late.
What Is A Security Site Assessment?
A security site assessment (or physical security risk assessment) is a comprehensive evaluation conducted by a security professional. It typically includes an inventory of the assets to be protected and recommendations on how best to protect them. A strong physical security risk assessment will consider how to protect from external threats, natural disasters, and internal damage.
Who Needs Physical Security Risk Assessments?
This is a pretty simple answer: any building, of any size, that is open to the public and houses employees or students.
These risk assessments are appropriate for nearly any organization—from schools to corporate headquarters, to sporting arenas, convenience stores, manufacturing plants, and municipalities.
In fact, targeted violence is on the rise and any organization can be at risk. Interpersonal and domestic conflict is human nature, and those issues can spill over to the workplace. In addition, neighborhoods can change, or an organization may move locations. Those are all great reasons to do a risk assessment of physical security concerns.
The Benefits of a Physical Security Assessment
There are likely areas in your facility that are unprotected and leave you at risk. Areas you look at every day could be a problem, and you may not even realize it. Something that may be obvious to a security expert – like an unprotected door latch bolt – is easy for a building owner to overlook.
With that in mind, here are five benefits of being proactive about a physical security risk assessment:
- Once your physical security has been breached, you can only react and clean up the damage. Being proactive about physical security will save you time, money and stress.
- Technological advancements work in two ways. On one hand, criminals may use more advanced technology to break in. On the other hand, if you stay on top of technologically advanced solutions, it can deter bad actors from even making an attempt to breach your facility.
- Regulatory compliance in many industries requires conducting routine physical security assessments. Failing to do so could be a costly mistake.
- There may be insurance benefits to proactively managing your risk. Ask your insurance company if they incentivize risk management through physical security assessments.
- Building owners may be exposed to civil liability if an employee is hurt or killed. By hiring a legitimate, experienced security consultant, you can provide proof that you did your due diligence to protect the people on site.
In the case of litigation, that last point is extremely important. Foreseeability is now part of the conversation when it comes to corporate or school security and liability. In essence, foreseeability breaks down into two basic questions:
- Would a reasonable person be able to foresee that this event was to occur?
- What did the organization do to mitigate or prevent it?
You’ll need to be prepared to answer those questions if there’s an incident at your facility. The plaintiff’s lawyer has the right to call in your security consultant and ask him or her to provide proof of a security assessment and your response to their recommendations. They’ll even dig into the background of your consultant to see if they’re a qualified expert in their field.
This is one very good reason to hire a reputable security firm with extensive experience.
The 10 Steps of a Physical Security Assessment
A comprehensive physical security risk assessment will cover not only the premises, but also the people and their perceptions of security. This isn’t just about making your facility safe, it’s also important to make people feel safe. You also need to balance how to implement solutions without impeding innovation and productivity. There’s a lot to consider.
1. Identify the Scope of Your Risk Assessment
Does your organization have multiple locations or buildings? What are the assets and/or key areas you are trying to protect? These are some of the first questions your security expert will ask, so start by preparing your answers.
2. Hire a Reputable, Trustworth Security Expert
There are many firms out there that advertise themselves as experts, but be warned: not all security pros are legitimate. Do your due diligence and look at their:
- Education and training
- Associations and certifications (such as a board-certified PSP from ASIS International)
- Experience in the industry
- References, reputation, and reviews
It’s also a good idea to consider their area of expertise. If you’re securing a school, you’ll want to work with an expert who has an extensive portfolio of work in educational facilities.
If you expect ballistic barriers to be part of your security solution, engaging TSS early on in the process can be extremely beneficial to planning out security upgrades in tandem with your ballistic barriers. Bulletproof systems tend to be heavy, so you want to make sure your structure is capable of handling the load. You also want to make sure you are installing bulletproof glass as efficiently as possible for your security goals.
3. Identify Potential Risks
Your security consultant will talk to you about potential security risks, plus do their own homework. This can include threats like disgruntled ex-employees, crime rates in your area, natural disasters common in your location, and more.
4. Review Regulatory Compliance
Your security expert should be familiar with any regulatory compliance standards that you maintain for your facility. Let them know about any standards you need to comply with, if they haven’t already asked.
5. A Thorough Review of Your Existing Security
Think of this as a physical security audit for your property. An experienced security professional will take a layered or a 360-degree approach, starting at the outer perimeter of the facility. This may even include the surrounding neighborhood and the fence line. Then, the consultant would assess the middle perimeter layer including elements like parking areas, lighting, cameras, windows, doors and alarm systems. Finally, the inner perimeter assessment, which covers access control points, scanners, inner rooms, stairwells, and hallways. This can even include identifying items like wiring issues that may leave you vulnerable to fire.
Each phase of security should get stronger as you get inside the next layer. The goal is to have highly-hardened areas where people are present.
6. Survey Personnel
Proactive threat mitigation may come from a surprising source. Your consultant may survey some of your staff or conduct interviews to find out what they’re worried about. The results can be very useful. For instance, if people feel nervous leaving the building at night and walking to their transportation, solutions like better lighting may be all it takes to help them feel safe.
7. Review Physical Security Systems
Existing security systems like alarms and cameras should be evaluated for effectiveness. Are they functional? Are there blind spots? Is the technology or equipment outdated?
Whether it be malicious intent or simply naivete, sometimes your own personnel can pose a threat. Reviewing employee access can help ensure that only authorized personnel have rights to your vulnerable points. Plus, it’s always good to ensure ex-employees' access has been revoked across all systems.
8. Assess Threat Impact and Likelihood
Your security consultant will take in all this information and use it to help you triage your biggest blind spots. They’ll correlate the expected threats with their security audit findings in order to help you understand the most efficient and effective use of your resources.
9. Physical Security Risk Assessment Report
Next, your consultant will send you an in-depth report with their recommendations. This may include a tiered solutions approach to fit different budgets. The report should help you understand which solutions are easy and cost-efficient, which ones provide the most value, and which ones are absolutely critical to compliance and liability concerns. They may make recommendations for different vendors or contractors to make the security upgrades, certified experts who they have found to be trustworthy.
The reports are extremely detailed. They’ll go into specifics—from the content of the employee interviews to the observations about your lighting outside. The recommendations may be as simple as replacing some locks or complex as installing bulletproof barrier systems. There’s a lot of information to consume in the report and your consultant should walk you through all of it.
They may also recommend employee training such as active shooter response or workplace violence prevention, or other disaster response training.
10. Engage Your Security Expert to Oversee the Security Projects
Not all consultants offer this final step, but some security consultants are available to oversee the security upgrades. When this is an option, having your consultant present can help you feel confident that things are done correctly and security details do not get overlooked.
When it comes to ballistic barrier systems, it’s important to partner with a security expert who has experience. Designing and installing these systems is not something that can be done by just anyone. Aesthetics and elegance are important aspects that require a skilled professional. In particular, you want people to feel safe but not impede the flow of their work, which is an important consideration in the overall system design.
Considering Your Own Physical Security Risk Assessment
It’s always best to be proactive vs. reactive when it comes to keeping people safe. Your risk assessment is your chance to get ahead of potential threats and prepare for potential disaster. It is one of the most effective ways to protect your employees and your business.
There’s also an incentive to provide peace-of-mind to the people you’re protecting. People who feel safe perform better. If you are considering how your own facility may be vulnerable to ballistic threats or forced entry events, then bulletproofing your security may be the right answer.
For more information, download our Ultimate Guide to Ballistic Security. Or, if you’d like to talk to one of our security experts about how to harden physical security for your facility, you can always contact us. We can give you our genuine advice about what is best for your organization’s security.