How do you conduct a physical security assessment?Mohamed Mohamud
On site security limited has conducted 157 security assessments for a wide variety of different types of clients. While each project is unique, certain problems seem to come up time and time again. The following is a list of the top fifteen problems that we have found when conducting physical security assessments for our corporate clients. Check this list to see of any of these problems may exist at your company:
- There is no real support for the company’s security program from senior management. Members of the leadership team fail to follow bristol security procedures themselves, setting a bad example for the rest of the company’s employees.
- Employees don’t receive formal security awareness training and lack knowledge of the company’s security policies and procedures. Employees have not been properly trained on how to deal with events such as workplace violence.
- Employees fail to take basic precautions to protect company-owned and personally-owned assets. Offices, desks and workstations are frequently left unlocked; high-value items such as laptop computers, purses and backpacks are left unsecured.
- There is poor supervision of the contract security guard service used at the company. Too much reliance is placed on the contract security agency to properly supervise its own security guards, with little of no oversight provided by the client who hired them.
- There are poor visitor control procedures: visitors aren’t required to verify their identity, some types of visitors come through back entrances and don’t sign in, visitors are not properly escorted in and out by employees, many visitors fail to sign out when they leave.
- There is poor compliance with the company’s identification badge wearing policy; many employees and vendors don’t wear their badges, badges are worn in the wrong location or hidden, pictures on badges are outdated and unrecognizable.
- There are gaps in security background check procedures; while procedures for regular employees may be good, there is improper reliance on vendors and contractors to background check their own employees; some types of contract employees may go unscreened.
- There is poor control of keys issued to employees: no justification for who gets issued which keys, no good record of who has been issued keys or when, no procedures for dealing with lost or missing keys, no assurance that keys are turned in when an employee leaves the company.
- There is no good system in place to track thefts, losses and other security incidents: many incidents go unreported, there is no follow-up on incidents, and a quarterly or annual report that summarizes incidents is not prepared or analyzed.
- There are poor procedures for handling confidential information: sensitive documents are found left lying in unsecured areas, confidential file cabinets have inadequate locks, confidential information is placed in regular trash or recycle containers rather than shredded.
- Doors at building entrances and at secured interior areas don’t close properly or are left unlocked or propped open by employees.
- There is poor control of shipping/receiving/loading dock areas: doors are left open while unattended, valuable merchandise is left unsecured on the dock, and delivery drivers allowed to wander into secured areas.
- Employees managing and monitoring the company’s electronic security systems don’t really know how to use them. Only a small fraction of the security systems capabilities are being used.
- Electronic security systems are not thoroughly tested on a regularly scheduled basis.
- There is inadequate lighting in the company’s exterior parking areas and along the exterior pathways to the building.