Professional Documents
Culture Documents
June 2019
1
Table of contents
Target audience.............................................................................................................. 3
Physical security – Rationale, principles and objectives ......................................................... 3
Assets to be protected ..................................................................................................... 3
Implementation.............................................................................................................. 3
Crime prevention principles.............................................................................................. 3
Crime Prevention Through Environmental Design (CPTED) .................................................... 4
Building envelope – protecting openings ............................................................................ 5
Access control ................................................................................................................ 5
Alarm system ................................................................................................................. 6
Video surveillance (CCTV) ................................................................................................. 7
Buying tips ..................................................................................................................... 7
More information ........................................................................................................... 8
2
Target audience
This document is intended for small- and medium-sized enterprises (SMEs) that want to implement physical
security measures to protect their assets.
This is not an exhaustive list, rather a summary of the main points to consider and take into account when
developing a physical security plan for an organization.
All physical security measures and procedures should comply with applicable laws and codes.
The value of an asset is the level of harm that would result if the asset’s integrity, accessibility or availability
were compromised.
Assets to be protected
Assets come in different forms:
• Tangible (e.g., high-value equipment)
• Intangible (e.g., intellectual property, confidential information)
• Mixed (e.g., employees)
Implementation
Organizations can use the following procedure to adapt the security measures to be implemented:
1. Identify the assets
2. Determine the value of the assets
3. Prioritize the assets based on value
4. Determine the threats and vulnerabilities of each asset
5. Determine the safeguards to implement for each asset
Defence-in-depth
Building interior
• Create multiple layers of protection
• Protect critical assets behind multiple barriers Building exterior
Access control
A technique that combines various methods of authorizing access to the entry points of an establishment or
premises to protect people, information and property.
Managing visitors
Access control procedures should also be put in place for visitors. A visitor is a person who is not an
employee of the organization and who needs to access an area reserved for employees. The goal is to
prevent a visitor from accessing a restricted area without authorization.
Alarm system
An alarm system is a way to detect and communicate unusual activities in real time:
Best practices
• Establish alarm response procedures based on the type of alarm
• Have a backup system that provides protection for at least 24 hours in case of power failure
• Keep the number of users of the alarm system to a minimum
Ask the following questions to determine the functional requirements of a CCTV system:
• What is the goal of the system?
• What is each camera supposed to monitor?
• What are the requirements for real-time monitoring or image recording?
• What are the lighting constraints?
Buying tips
Here are some important points to keep in mind when requesting a quote from a security service provider.
• Ask for a detailed quote (parts, labour, travel, annual fees, etc.)
• Ask for plans indicating the location of the components
• Buy equipment that can be supported by different suppliers so you can switch suppliers without having
to replace the equipment
• Ask about service delays in the event of malfunction