Procurement Services

Procurement Services

Physical Security Questionnaire

Discussion template are designed to be used in face to face meetings with suppliers as part of your supplier review approach.
Discussion templates may be sent to the suppliers in advance of meetings, but if suppliers are sending completed documents back then these must be encrypted to protect sensitive
information or attachments.

©Royal Bank of Scotland Plc 2016

Page 1
The Information Classification of this document is INTERNAL unless
stated otherwise
All other RBS documents classified as Internal, confidential or secret must be managed in accordance with the RBS process on managing and handling data
https://www.securityzone.rbs.com/kzscripts/default.asp?cid=4

Instructions

 Please ensure that the most relevant member of staff completes the questionnaire.
 All questions should be completed.
 Where you deem a question to be “Not Applicable” then “N/A” should be documented in the ‘Supplier Response’.
 You should attach relevant supporting documentation, where requested to do so and where the data is not confidential in nature.
 You should also provide documentation where you feel that this would add substance to your answers.
 You should be able to demonstrate all given answers during an onsite visit.

Questionnaire Responses

 Please detail the contact details and role of the person(s) responsible for providing the answers to the questions.
 This will assist with any follow-up queries.

©Royal Bank of Scotland Plc 2016

Page 2
The Information Classification of this document is INTERNAL unless
stated otherwise
 Supplier Full Name Job Title / Role Contact details

G. I. Group Network Col. B R Bakshi Operation

Security Technology Pvt., Phone: 09821695418
Ltd.
Email: info@getgi.com

G. I. Group Network R K Kaul Operation

Security Technology Pvt., Phone: 09911574187
Ltd.
Email: info@getgi.com

©Royal Bank of Scotland Plc 2016

Page 3
The Information Classification of this document is INTERNAL unless
stated otherwise
Physical Security Background

The RBS Physical Security Policy states:

“RBS provides a safe and secure environment to protect our customers, employees, contractors, third parties and assets. Through a combination of physical security measures and operational
procedures, our aim is to minimise the opportunities available to criminals to commit attacks against RBS by adopting a proactive approach to managing physical security risks. The threats faced by
our customers, employees, contractors, third parties and assets vary across divisions and business units. It is essential that threats are understood and that individuals are fully trained and aware of
all the measures in place to protect them.”

Who does this Policy apply to?

This Policy applies in all parts of RBS, to employees, contractors and third party users, including all divisions, control functions and support functions, in all countries in which RBS operates.

Compliance with the Policy is a requirement for all employees, contractors and third party users with direct access to RBS assets

No. Question Response RBS Use Only

1.1  How do you control and monitor access to premises, including  We follow the basic principle of access management in the following 
visitor access? ways:

a). Limiting the number of access parts.

b). Identifying and dedicating secure areas

c). Providing liaison areas between secure and non-secure areas.

e). Minimizing interference with the movement of visitors and system

operations.

f). Layering of security system

g). Using protective measures, addressing all threats detection, defuse,

mitigation response and recovery

1. Access to building is being only given to the staffs having the valid RBS ID
Card / Access Card. All the employees are asked to display valid identification at
all times, failing which they would not be given access to the premises at all.

©Royal Bank of Scotland Plc 2016

Page 4
The Information Classification of this document is INTERNAL unless
stated otherwise
 1.2  How do you protect your assets (property, equipment) from risk
of theft or damage from staff, customers and suppliers?
Do you maintain a record of all assets? This should be in IS
discussion template in Q1.4 and the evidence should be - Can
they show you an Asset register
 Each asset has its own level of risk, attractiveness as a target, 
vulnerabilities, accessibility and criticality to the system. However our
managers consider prioritizing risks through threat and vulnerabilities
assessments and select sets of counter measures that provide the
best overall risk reduction for the system as a whole.

 Security measures for each asset are equal to the threats and
vulnerabilities of that particular asset.

1.3  Please describe any occurrences of security breaches over the None
last 3 years?

1.4  How do you ensure your physical perimeters are effectively  We follow the following pattern for physical parameters: 
secured?
a). Security personnel

b). Policies & Procedures.

c). Perimeter protection and physical barriers.

d). Entry point screening

e). Surveillance system

f). Communication and information processing system

Patrolling of premises is being done. Guard has been assigned to perform

patrolling duty and Supervisor also patrols the area on regular interval.

1.5  How do you ensure all physical assets are Physically secured?
Yes
This includes removable media such as laptops / handhelds,
USB devices, external disks, backup tapes, CDs/DVDs,
Blackberry devices, documents in paper etc.
All goods and materials (including IT equipments) are accompanied with the
valid Gate Pass signed by the authorised signatory, when being taken out of
premises. Contents of the Items are being checked by the Guard as per the
Gate Pass. Any discrepancy being brought to the notice of the RBS officials
immediately. No items are being allowed to go out or allowed inside without
proper screening.

All the Vendor / Contractual Staffs are frisked thoroughly including the Security
Guards every time they leave the floor, at the time of coming on shift and at the

©Royal Bank of Scotland Plc 2016

Page 5
The Information Classification of this document is INTERNAL unless
stated otherwise
 time of going off the shift.

1.6  What governance procedures are in place for the disposal of N.A
physical assets?
1.7 
 If a third party is contracted to complete secure disposal or
archive of physical assets on your behalf, what assurances do N.A
you have to ensure that this is carried out in a secure way?
1.8  How do you ensure the personal security and protection of  As the threat level dictates the facility we have developed a verification
staff? process to ensure that all persons requiring access to the facility have
valid business at the facility.

 Vendors, contractors and visitors should be scheduled in advance to

the maximum extent possible. If their arrival is not prearranged entry
should be prohibited until their need to enter is verified.

 Valid identification cards or documents are issued to all visitors,

vendors & contraction as per their requirement in the facility.

1.9  Do your processes cover scenarios for staff joining, moving  For our security personnel we have our own system in place. For Bank
and/or leaving the company? staff & employees RBS admin informs our Security Supervisor and
simultaneously all security guards are informed.
1.10  What processes are in place for the reporting of suspicious  Physical security involves the proper layout and design of
physical activity or breaches and what escalation model is in facilities and the use of measures to deploy and prevent unauthorized
place? access to prevent assets. It includes measures to detect attempted or
actual unauthorized access. Physical activity or breaches also provides
 How are staff made aware of such processes and how measures to safeguard employees from violence. We follow the under
frequently? mentioned procedures:

a). Select and modify the facilities in order to facilitate the control of access.

b). Demarcate restricted access areas and have necessary entry points and
security system in place.

c). Frisking and use of HHMD and DFMD.

- END OF QUESTIONNAIRE -

©Royal Bank of Scotland Plc 2016

Page 6
The Information Classification of this document is INTERNAL unless
stated otherwise
Date document completed 26.09.2016

Supplier Representative name Col. B R Bakshi

Job Title General Manager

RBS Contract Manager name

©Royal Bank of Scotland Plc 2016

Page 7
The Information Classification of this document is INTERNAL unless
stated otherwise