Physical Security Audit & Assessment Checklist  |  Security 101

What is a Physical Security Audit and Why You Need One

Should you get a physical security site assessment?

A good physical security solution isn’t one-size-fits-all. Every space and building is unique, and security needs change over time. In today’s buildings, security systems need to protect the perimeter, as well as safeguard the sensitive data and information that’s constantly in motion. So even if you’ve installed security systems in the past, they may not meet the current standards for protection.

Don’t wait until after a breach has occurred to evaluate your physical security. A site assessment with a trained security professional can help you improve the safety of your building by uncovering weak points in your current system, and identifying the right technology to safeguard your space. Contact your integrator and review this checklist together to determine your risk level, and discuss ways to mitigate potential threats to your building security.

1) Identify potential security threats

Knowing what you need to protect against will help you identify the best security technology for your building. The most common security threats to businesses include:

• Theft and vandalism
• Insider breach involving sensitive data
• Negligent data management
• Phishing attacks
• Physical attacks
• Malware

2) Access control for physical building security

Having a good access control system in place is essential to protecting your assets, as it helps keep unauthorized individuals from gaining entry. The fact that many data breaches actually occur in conjunction with a physical breach only highlights how important access control is in securing your building. Access control comes in many different forms, from security guards at the door, to ID badges, to more advanced access technology like smartphone-based credentials. Whether you have an existing access control system, or are installing a brand-new security solution, this security audit checklist will help determine what types of credentials and capabilities are right for your space.

• Analyze all entry points to detect vulnerabilities. Note how many doors need to be protected, and how many people will need access on a regular basis.
• Determine if different permission levels will be needed for certain zones. Make sure the access control system you install has the functionality to set granular permissions per user and location.
• Install door readers at places where you want to limit who has access.
• Choose credentials that are secure and convenient. Mobile credentials have the added benefit of visual verification with digital badging, eliminating the need to carry an ID card.
• Use door schedules to automate your security. For example, set a lobby door to remain open during business hours when there’s a front desk person on duty, and set it to automatically lock and require users to credential in after-hours.
• Choose a cloud-managed access control solution to enable remote access to your security platform. Without the need to be on-site to unlock the door, issue credentials, or change the door schedules, cloud-based access control reduces headcount without compromising security.

3) Surveillance and intrusion detection

If somebody enters the building who isn’t supposed to, how will you know? Especially after-hours when there’s nobody at the building, or during minimal staffing shifts, video surveillance systems and alert systems can help prevent a security breach.

• Install video surveillance cameras at key entry points throughout the building, and anywhere that you need an extra set of eyes. Consider both exterior and interior spaces, including parking garages, IT closets, and spaces where sensitive data might be stored.

• Integrate the VMS with your access control system for enhanced visibility. This lets you associate video footage with entry activity, often in real-time, enabling a faster and more accurate response to situations in your building.
• Certain industries have specific retention standards for security camera footage, so check your local regulations to make sure your system is compliant.
• Set up automatic alerts to notify you of any malicious activity or potential intrusions.
• When door sensors are triggered, a mobile access control system can send out an alert for doors left ajar, a forced entry, or failed unlock attempt.
• Other sensors, such as glass breaking or gunshot detection, can further enhance your building security.

4) Environmental components 

Physical security isn’t just guards at the door and alarms. Natural elements, like landscaping, can aid (or hinder) your building’s security. Here’s what to look for as you complete your physical security risk assessment.

• You should be able to clearly see entrances and exits from inside the building. Make sure there’s nothing blocking windows, such as displays, signage or landscaping.
• Install exterior lighting in all parking lots, near entrances, and around pathways. Well-lit grounds can help deter potential criminals.
• Keep interior lights on at night and when the building is empty to deter intruders. For improved efficiency and sustainability, install a lighting system that’s integrated with building management platforms and access control to automatically adjust based on occupancy, the weather, and business hours.
• Make sure trees and bushes are well-maintained around the property.

5) Emergency response readiness

As part of your physical security audit, always check emergency response systems. Your physical security strategy should also include emergency situation planning,

• Ensure you have all necessary alarms per building codes, and that they are tested regularly.
• Create customized lockdown plans for different emergency scenarios. With an access control system like Openpath, you can activate Lockdown plans remotely, directly in the app for a faster response time.
• Install backup power sources for your security systems in case of a power or Internet outage to keep your building secure.

6) Physical security assessment for COVID-19

As a prime example of how quickly security needs can shift, the COVID-19 pandemic presented a new set of challenges for every organization. Use this security audit checklist to determine if your building has the right strategies in place to remain safe and secure during the pandemic.

• Choose security technology that can be managed remotely to minimize the staff needed at the building, and improve visibility without being on-site.
• Utilize occupancy management to adhere to social distancing guidelines. Some access control companies are able to automate and enforce occupancy limits, with real-time occupancy tracking dashboards to keep administrators informed. 
• Reduce common touch points with contactless technology. Touchless access control lets people unlock doors and enter the building without having to touch a common reader or credential.

Key takeaways

Taking the time to do a thorough security risk assessment is a proactive step in protecting your building and assets. Whether you’re auditing a small space or performing a physical security risk assessment on an enterprise organization with multiple locations, this checklist can help you pinpoint where your security may be lacking.

Choosing new security technology can be a daunting investment with so many options to choose from. When comparing different solutions, remember that a one-size-fits-all approach to security can leave your building vulnerable, so opt for systems that allow for customizations and seamless integrations to get the best protection possible. While this security audit checklist is a great place to start when it comes to understanding your risk, a security system professional can do a more thorough site walk and recommend the best solutions to ensure your building is protected from all types of threats.