It is common for businesses to implement certain security measures to safeguard assets, business operations, information, clients’ interest, as well as employees from any possible security risk and threat. Providing a strong physical security is increasingly important during periods of uncertainty, especially given the security incidents in recent times and the past that includes terrorism acts. Businesses with a vast network of operations are requiring all of their offices and facilities in their national footprint to implement the physical security measures faithfully on a daily basis to ensure not only the safety but also the smoothness of their operation. Businesses need to ensure that their physical security function operates properly and do not suffer from weaknesses and vulnerabilities that can be exploited.
Physical security is the use of physical safeguards aimed at preventing unauthorized access to assets, detecting attempted or actual unauthorized access, and activating the appropriate responses. It consists of certain physical measures in place to reduce the risk of unauthorized access that include access control to the premises, surveillance, as well as creating a security culture amongst the staff.
Physical Security Audit
The objective of the audit was to assess the adequacy and effectiveness of the physical security function that includes compliance with the standard operating procedure in place, government policy on security, and other relevant policies, directives, and standards.
The scope of the audit
- Standard Operating and Procedure assessment
The SOP in place acts as the guideline for the deployment of the physical security function. The assessment is intended to ensure that the SOP has covered all the possible risks and threats as well as the detection and prevention measures and supportive to the security culture building.
- Visual inspection
Visual inspection of the facilities aimed at assessing the conformity of the physical security function with the existing standard and policies in place and finding any loopholes or vulnerabilities. It includes the inspection of the perimeter such as outside fences, access points, and surveillance apparatus such as CCTV, as well as checking the trash bin to find any valuable materials/documents that may be skipped the shredding procedure.
- Physical penetration testing
Policies and procedures are tested to ensure not only how proper the physical security function in detecting, preventing and handling unauthorized entry; but also helping to create a quicker recovery time from an incident. The testing will benefit the businesses as it will expose the weak physical barriers and provide an understanding of the risks such as the degree of damage that the simulation attack/penetration can incur.
The testing methods can vary, but usually consist of:
- Overt entry: the pen tester casually walks into the premise and exploits the vulnerability to make an unauthorized entry.
- Covert entry: the pen tester will exploit the vulnerabilities of the physical perimeters/barriers such as fences or walls to make an unauthorized entry.
- Vehicle entry: the pen tester will simulate authorized access to the company’s commercial vehicles that operate outside its premises.