CONDUCTING A PHYSICAL

SECURITY RISK ASSESSMENT

FOR BUILDINGS AND OFFICES
In today’s commercial landscape, security is a top priority for businesses across every industry. While physical
security systems are not new, they are crucial for protecting people, property and assets.
Though there is no one-size-fits-all approach when creating an office building security plan, several trusted
procedures and physical security risk assessment tools can help business owners better understand their security
systems. By taking the time to undergo these procedures, staff members and administrators can make informed
choices based on reliable data when deciding which security trends, technologies and protocols to implement
during the redevelopment process.
This guide explains how to create and conduct an internal physical security audit and produce an office security
checklist for business and property owners who ultimately want to protect properties from physical and cyber
security threats.

EBOOK | PHYSICAL SECURITY ASSESSMENT

ENHANCING
SECURITY WITH
AN INTEGRATED
PHYSICAL
SECURITY
ASSESSMENT
A security audit is a way for business
leaders and managers to test the efficacy
of their current cyber and physical security
systems. When creating an office security
checklist, all relevant parties should
be aware of new and existing physical
security methods and emerging industry-
specific cybersecurity trends to highlight
potential flaws and help to improve wider
security protocols.
Examples of common business security vulnerabilities
include:

• Weak or stolen access credentials

• Poor data storage and management
• Unpatched software
• Misconfigured firewalls / operating systems
• Phishing/malware/ransomware attacks
Increasingly, the connectivity of physical and cyber
security features through advanced hardware and
cloud-based software has led to many businesses
redeveloping wider security networks, with recent
data suggesting that over 90% of organizations utilize
some form of cloud-based security.

While the benefits of integrated systems are worth

exploring for most modern businesses, security
teams must implement legacy and advanced security
features so hackers cannot gain access. This is where
a thorough security audit will assist, followed by a
comprehensive cyber and physical security checklist
for businesses to use as a guide.

EBOOK | PHYSICAL SECURITY ASSESSMENT

THE IMPORTANCE OF PHYSICAL SECURITY
AUDITS FOR BUILDINGS
A physical security audit is essential to understanding the current efficacy of an office or building’s physical
security setup. Thorough physical security audits, also known as physical security assessments, highlight areas
that effectively mitigate risks or weaknesses that require further attention.
A robust physical security system often contains commercial security cameras, door locks and even manned
guards. Still, if one of these elements is not working effectively, it could open the office or building to a physical
security breach.
Whether a small space or an entire facility, businesses should be proactive in ensuring their security solutions are up to scratch with a physical
site security audit and checklist, also known as a physical security assessment checklist.

By foregoing a physical security audit, organizations leave themselves open to bad actors to exploit vulnerabilities. Therefore, businesses must
undertake a detailed physical security auditing process coupled with a security survey checklist.

A physical security audit will also help establish the current risk level the office or building faces. Additionally, physical security assessments
help identify potential strategies to decrease the existing physical security risk.

EBOOK | PHYSICAL SECURITY ASSESSMENT

WHAT IS INVOLVED WITH A
PHYSICAL SECURITY AUDIT?
INTERNAL VULNERABILITY AND PENETRATION
TESTING
Internal vulnerability and penetration testing is a large part of adequate physical
security auditing. This is where a relevant employee or an external business acts as
a malicious threat or intruder to deduce how easy it is to penetrate certain security
systems. Alternatively, an internal computerized system can carry out this test to
ensure that the resulting data is impartial and unaffected by human error.

A successful physical security audit checklist can verify whether existing security
strategies are appropriate and compliant with current industry standards and
federal regulations. This procedure can also act as a way for internal security teams
to address any failures or security vulnerabilities uncovered during testing.

TERRITORIAL REINFORCEMENT AS PART OF A

PHYSICAL SECURITY ASSESSMENT
When considering how best to implement a site-wide cyber and physical security
audit checklist, the primary concern for most businesses will be creating a
dedicated internal physical security auditing process. This is where an in-house
physical security auditor produces a physical security risk assessment checklist.

Business leaders should utilize territorial reinforcement during the physical

security risk assessment checklist. This process involves a physical security auditor
surveying perimeter building infrastructure to ensure the site is marked as private
property. Appropriate territorial reinforcement includes fencing, walkways, hedges
and signage, but will cover any infrastructure within the site’s boundaries. To further
reinforce the perimeter of your site, consider installing commercial security cameras
with smart analytics, which can send alerts when an unauthorized person or vehicle
is spotted trying to gain entry. Products such as the Pelco Sarix Professional 4
range provide high-definition, advanced imaging alongside AI-enabled analytics for
intelligent detection.

EXTERNAL AND INTERNAL PHYSICAL

SECURITY AUDITS
Physical security audits can be conducted internally or externally, each approach
providing its pros and cons. A trained professional cyber or physical security auditor
will perform an external audit with no conflicting ties to the company of interest.
This approach allows for truly impartial findings and results.

Conversely, an internal audit will be performed by a vetted employee of the

company or through a computerized cyber and physical security risk assessment
tool. This method is often preferred during audits that involve handling sensitive,
valuable or confidential company and customer data.

Generally speaking, internal audits are preferred in most cases, as business leaders
can adjust certain standards and restraints as they see fit, though this approach is
only sometimes entirely impartial.

EBOOK | PHYSICAL SECURITY ASSESSMENT

HOW TO CREATE A PHYSICAL SECURITY AUDIT
CHECKLIST FOR BUILDINGS AND WORKPLACES
Developing an effective security audit checklist will require companies to understand the underlying functionality of their existing security
systems; because of this, no two safety checklists will look alike.

To begin creating an office building security checklist, administrators must break down their goals for the process into a manageable system.
Here’s a general outline of the steps companies should follow to ensure their security audit can provide actionable solutions.

OUTLINING SECURITY PRIORITIES EVALUATING CURRENT CYBER AND

To ensure that a cyber and physical security assessment checklist is
optimized to help improve operations, every point must be outlined
with the company’s primary goals in mind. For example, a financial
company handling sensitive customer data will require the core of
its security networks to be developed around cyber defenses. At the
same time, a retail chain will likely focus more on physical security
systems and a physical building security checklist.
By making these choices before expanding the audit’s scope, the
more intricate decisions, such as which varieties of hardware and
software should be installed or updated, will be made more evident.
IDENTIFYING KEY THREATS AND
VULNERABILITIES
With a clear picture of the intended objectives of the audit,
business leaders will be in a much more manageable position
to begin identifying any key threats and vulnerabilities currently
present, and by locating these possible weaknesses before the
audit, the potential for oversights can be reduced.
PHYSICAL SECURITY CHECKLISTS
In many cases, business leaders will find improving existing security
systems much more cost-effective and easier to implement alongside
company policy than installing new hardware and drawing up novel
security protocols. To do this, existing office building security features
must be reasonably evaluated.
Evaluating, in this case, means looking into the deeper mechanisms of
each security feature and considering how optimized these functions
are in terms of the wider security network. For example, an office may
have an extensive CCTV network, but recorded footage may be difficult
to locate in an outdated video management platform. Additionally,
security cameras may offer cloud-based remote viewing functionality
but lack appropriate encryption when communicating with off-site
smart devices.
By evaluating these processes and determining whether an existing
office building safety checklist has covered them, security teams
can focus newly designed office building security checklists around
essential tasks to improve the auditing process’s efficiency and efficacy.

Common security threats include ransomware and malware attacks,

of which 90% of all organizations were impacted during 2022,
phishing attacks, malicious insiders and employee negligence, with
these vulnerabilities having the potential to affect integrated cyber
and physical security systems in unison.

EBOOK | PHYSICAL SECURITY ASSESSMENT

CONDUCTING AN INTERNAL
PHYSICAL SECURITY RISK
ASSESSMENT
Once the appropriate prep work has been completed, teams will be ready to begin
carrying out the bulk of the work. The finer details of this process will depend
heavily on the businesses in question, though a basic outline that applies to most
modern organizations will consider the following essential processes.

POLICY AND PROCEDURE OVERVIEW

Review all security systems as part of the physical security audit and
assessments. This applies to the access control system, manned guards, security
cameras and other physical security solutions. This review will highlight any
potential security gaps and the efficacy of these solutions, and a physical security
audit specialist will be able to advise on any recommendations to enhance the
security setup.

FACILITY INSPECTION
A site inspection will need to be ticked off the physical security assessment
checklist. The auditor will need to inspect the construction of the building, the
layout and lighting to understand if there are any aspects of the property that a
lousy actor can exploit.

TESTING THE SECURITY SYSTEMS

It’s all good to have various commercial security systems, but it only matters if
they are working to mitigate security risks effectively. It is important to routinely
evaluate and maintain these systems as part of the physical security checklist to
ensure they serve their purpose effectively and help safeguard the facility.

STAFF TRAINING
The final step in the physical security audit process is ensuring staff understand
and detect any bad actors and their activities. By training the workforce,
businesses ensure their workers can spot and alert potential threats to the
security team so physical security is not negatively affected.

EBOOK | PHYSICAL SECURITY ASSESSMENT

 CONDUCTING AN INTERNAL
CYBERSECURITY AUDIT
CREATING A CONFIGURATION SCAN
This process involves using cybersecurity risk assessment software developed
to check how every network and computerized system within the organization is
configured, including the setup parameters and configurations currently in place.
The program will automatically check for vulnerabilities hackers can exploit to steal
data or access now-installed security hardware.

PERFORMING AN INTERNAL VULNERABILITY

SCAN
With the data collected from a configuration scan, a more focused internal
vulnerability scan can be performed to help highlight the specific flaws present in
each system and provide recommendations on how to fix them. Rather than looking
at how the wider network of security features is configured, this process will be
performed on each component individually.

COMPILING A PHISHING TEST

Phishing and other related social engineering threats affect over 80% of businesses
annually, with scammers targeting employees via well-disguised emails and
internet links. Mandatory phishing awareness training and compulsory tests should
be performed to protect companies from these cyber threats.

Alongside implementing software filters to help reduce the number of scam emails
received by employees, a thorough security audit will include simulated phishing
attacks, which can be used to evaluate how susceptible employees are to social
engineering to prevent future breaches.

DEVELOPING FIREWALL LOGS

A firewall is a hardware or software system to prevent unauthorized access to or
from a private computer network. These systems are essential to any cyber security
configuration as by installing firewalls, all data traveling through the network will
be automatically vetted for potential threats.

EBOOK | PHYSICAL SECURITY ASSESSMENT

CREATING A PHYSICAL SECURITY SAFETY CHECKLIST
A thorough office security checklist takes a 360-degree view of potential threats and vulnerabilities. The processes
detailed above will provide businesses with a solid cybersecurity foundation, which can help promote physical
security by ensuring that all staff are protected by on-site hardware.
However, security teams should also have well-planned and tested physical security checklists in place to inform employees and visitors of
potential workplace hazards and emergency plans. A building safety checklist will form part of a larger office security checklist, detailing
any structural risks and health and safety issues to prevent. An office safety checklist covers employee and client safety but considers larger
vulnerabilities such as fire, flooding and intrusion.

The following factors should be considered to develop an effective physical security or office safety checklist.

OFFICE PHYSICAL SECURITY CHECKLIST

Ensure the building is in good working order – An important part of your physical security audit checklist is to inspect your
building, which includes checking the building’s structure, layout and lighting to identify anything that can negatively impact the
site’s physical security. Consider the following:

 Are the doors and windows in good condition?

 Is there sufficient lighting throughout the building?

 Is the exterior of the property well maintained?

 Are there any blind spots or weaknesses in or around the building that can be exploited?

Locate hazardous areas – The specifics of this process will differ between industries. However, the main principles are to
ensure that appropriate signage is in place around dangerous machinery/workspaces/equipment and that relevant PPE is provided
and worn if needed. Considerations should also be made for adverse weather, such as ice, rain and strong winds.

POLICIES AND COMMUNICATIONS CHECKLIST

Review office or building security policies – By reviewing the current security policies, businesses can better understand
gaps within the written policy and if it can be built upon to deal with emerging threats. To help with this, ask yourself:

 What is the scope of your security review for your organization, business unit or team?

 Are there any existing security policies and protocols in place? If yes, are they up-to-date?

 Are there any conflicts between the different security policies?

Understand industry rules and regulations – All industries have rules and regulations designed to protect staff and visitors.
Business leaders must ensure that all staff are appropriately trained, aware of these rules, and informed of any changes.

Create and update emergency plans – Draw up clear plans for employees to follow in an emergency (natural disasters, break-
ins, fires, etc.) and ensure that emergency numbers are easily accessible. It also helps to have a clear chain of command in an
emergency, so department managers and security staff should decide upon this.

Implement a review period – While many aspects of a building safety checklist will remain unchanged over time, the process
must be reviewed regularly to ensure that any changes within the office are accounted for. These office building security checklist
reviews should occur at predetermined intervals, for example, every six -months or at least once yearly.

EBOOK | PHYSICAL SECURITY ASSESSMENT

 SECURITY SYSTEMS CHECKLIST
Compile a full security hardware and software audit – Considering hazards, industry regulations and emergency plans, now
is the time to review the security hardware you currently have to mitigate these risks and comply with rules. Your access control
technology, video security network, and any other security technology, on and offsite, should be considered in your physical
security assessments and checklist. Ask yourself:

 Is your technology fit for purpose and is it still up-to-date?

 Have your requirements changed, and now you need different functionality from your hardware?

 Will your site change for safety reasons, meaning you must change your camera or access control layout?

 Do all the required individuals have the correct access permissions and how are they administered?

 Are there any weaknesses in the access control or video security systems? Have any past events brought up a vulnerability
within one of your systems?

Speaking with a security expert about the technology and implementation available can help you gain a fuller understanding of the
options available.

EBOOK | PHYSICAL SECURITY ASSESSMENT

PHYSICAL SECURITY AUDIT CONSIDERATIONS BY
INDUSTRY
A physical security audit can differ depending on the business’s industry. The methods and observations that
an auditor or the internal team undertakes will vary as the needs and requirements of organizations in different
markets will mean a different approach to physical security assessments.

OFFICE AND COMMERCIAL SPACES
In office and commercial sites, particular focus should be placed
on the access control system and the video security solution.
For example, the access control system will need to be tested to
ensure that it works properly, granting access to those authorized
to enter the building and denying access to those not permitted to
enter the premises. As office and commercial spaces see a very
high daily footfall, the system must be reliable so as not to disrupt
the day’s normal business operations.
The video security operation will need to be assessed, too. Staff
need to be trained to operate the system to help safeguard the
office building or store. The security cameras must provide the
situational awareness that the security team needs to detect and
respond to security threats. Given that commercial spaces tend to
expand, it’s also worth considering that the video security solution
installed can scale up and integrate with wider systems and
software. Pelco’s open platform solutions are ideal for small and
large facilities planning for future growth in mind for their facility.
REAL ESTATE
Similar to an office security audit, in a real estate physical security
audit, the focus should be on securing the premises from those
unauthorized to enter. An effective access control system will
enable the organization to secure the facility and only grant entry
to those authorized. A key consideration will be to ensure the
allocation of access permissions is seamless, meaning temporary
visitors, like guests, couriers or contractors, can easily access the
building.
Security cameras at oil and gas sites are a key tool for security
teams to monitor events on their sites and ensure the safety of the
workforce. As a result, these security cameras need to be rugged,
meet stringent explosion-proof requirements and reliably deliver
footage day and night without fail. Pelco’s range of explosion-
proof cameras is purpose-built to handle such challenges and be
the most reliable pair of eyes when needed.
AIRPORTS
Airports require a comprehensive physical security audit, given the
extensive interior and exterior spaces that require safeguarding.
With this in mind, the video security solution that the airport has
in place will need to undergo a rigorous examination to ensure it
is still up to scratch and provide the airport security team with the
awareness they need to safeguard the airport. Airports security
cameras are rugged enough to handle outdoor conditions and
reliable to ensure they provide clear footage of spaces in and
around an airport, such as the Pelco Spectra Enhanced series.
The emergency response plans must also be vetted to ensure
the airport can safeguard travelers and employees during an
emergency. Airports are famous for their chokepoints and narrow
hallways, so the security team must understand where there may
be a weakness in their emergency plans during an evacuation. For
example, during an evacuation from the airport, travelers must
be able to reach their nearest emergency exit easily and quickly
without finding themselves stuck in a crowd navigating a narrow
area of a terminal building.

OIL AND GAS

Auditors within the oil and gas industry will seek to ensure
workers’ safety and that the equipment being used at these
hazardous sites is being properly maintained. Outlining a thorough
emergency and preparedness plan in the event of an emergency
will be a key consideration during the physical security audit, as
will be the video security setup.

EBOOK | PHYSICAL SECURITY ASSESSMENT

GET YOUR PHYSICAL SECURITY
ASSESSMENT IN ORDER
The key to developing a practical office building security checklist lies in implementing
regular and consistent assessments of all critical security systems and ensuring that
staff understand how each component communicates as part of the integrated network.

Security teams must present a clearly outlined auditing system that promotes
accountability at all levels. By committing to this process and drawing up a defensive
plan, office security systems can grow stronger with each update.

©2023 Pelco Inc. All rights reserved. MOTOROLA,

MOTO, MOTOROLA SOLUTIONS and the Stylized
M Logo are trademarks or registered trademarks
of Motorola Trademark Holdings, LLC and are
used under license. All other trademarks are the
property of their respective owners. 09-2023
[JS02]

PELCO.COM