Physical security in any business is paramount. The risks that can affect the safety of your employees, your workplaces, equipment and property are real and more present than ever. It goes without saying that no company is completely safe!
First of all, the physical security diagnostic is part of the resilience process of any organization. It aims to reduce the risks and vulnerabilities related to the security of people, places and the confidentiality of information and trade secrets.
As a business manager, we invite you to ask yourself a few questions to begin your reflection:
- Does your overall resilience approach include policies that address physical security within your organization?
- Are all of your employees trained on this topic and are periodic reminders given?
- Are everyone’s roles and responsibilities for physical security clearly defined?
- Does your organization have work procedures that address this issue?
- Do you have emergency contacts established in the event of an incident?
- Are all visitors always escorted on your premises?
- Are materials to be shredded and containing confidential (and sometimes personal) information destroyed on site with an employee present?
This leads us to introduce some basic measures to implement within your company. The objective of this article is to raise your awareness, so we will limit ourselves to a few brief explanations and examples.
Control the flow of people
First, it is necessary to ensure that internal and external access to the business location is controlled, for example, by means of identifying who is accessing the building at any time of day. This can be controlled by a process for managing each employee’s keys and access cards and the methodology for distributing and retrieving them to employees and visitors. In addition, a biometric system can also be used to identify each person entering the building using fingerprint and/or retina analysis if this level of security is required and permitted by regulation.
In addition, it is possible to include a directive in the security policy stipulating that each supplier or external stakeholder must be accompanied when visiting the place of business, in order to minimize the risk of theft. In this regard, we would like to point out that it is easy for anyone to use a camera and a miniature microphone that are difficult to detect or to use a cell phone to take pictures of documents on your employees’ desks or screens, and then to steal this information. Also, some vendors who have access to your premises on a regular basis may pose increased risks in this area, especially if they are unaccompanied. Depending on the case, criminal background checks and credit checks may be required.
Finally, to monitor the movements of employees and other people on the physical premises of the company, video surveillance with sound and images is an effective solution. It is important to consider recording and saving these videos for future reference.
Identify risk areas
Another process to consider is the identification of risk areas within the place of business. Response procedures for incidents that may occur should be linked to the company’s emergency response plan and fire safety plan. The concept of risk areas must include, among others: theft, physical aggression, lack of lighting, storage of hazardous substances, room capacity, evacuations, transportation and storage of monetary values, multiple vehicle traffic, parking lots, equipment, threats to employees and their family members, etc.
In short
There are several other factors that should be considered in developing the physical security diagnostic. Additional examples include:
- Establishing a clear process for employee sign-in and sign-out (key or access card retrieval, confidential documents, etc.);
- Monitoring of comfort equipment such as room temperature, ventilation, fire panel, etc.;
- Security measures applicable in a teleworking environment;
- The general safety of employees in the course of their duties, taking into consideration the threats they may face;
- Risks related to business travel as well as expatriate employees.
In summary, the physical security plan must be integrated into the organizational resiliency of any business, which includes fire safety, emergency preparedness, business continuity, crisis management, computer backup and cyber attack plans. More information on organizational resiliency will be covered in a future article.
Conclusion
Are you looking for expert assistance in diagnosing the physical security of your company? Benoit Racette Services-conseils inc. can help you in this process so that your prevention measures are well aligned with your resilience plans. Contact us now: [email protected].