​Do You Need a Physical Security Risk Assessment?

​Well, do you? The short answer is “Yes”.

So, let’s get to it.
​
“What is a Physical Security Risk Assessment?”
A physical security risk assessment evaluates all aspects that could potentially prove to be vulnerable and/or dangerous to your guests, your team, or your facility. By extension, this could also develop into a negative view of your business resulting in reduced income, and thereby lower profitability.
The appraisal can be as limited or extensive as you wish. We will consider more specifics of what you should look at, and why, a little later in this briefing. The only bad assessment is one that is not done.
 
  “My business isn’t big enough to need a physical security risk assessment.”
I am a strong believer that one should always set up their operations in a way that can easily be replicated as the company grows. Based on this alone, the little bit of time to perform an assessment of this type is a practice that is practical.
However, this goes much deeper than getting in the habit while your business is smaller. A physical security risk assessment can help you discover things that you may never have noticed otherwise.
Items like an exterior door that isn’t really closing all the way, thereby leaving a potential entrance of unauthorized person(s) where theft, damage, or worse could be the result. Or perhaps you will notice a cleaning rag that is usually placed by a heater, and with winter just around the corner, this is a potential fire hazard.
How about items that have “just somehow” accumulated on the outside of the only secondary exit to your location? In the case of a fire or a downed tree blocking your main threshold people could be trapped inside your facility.
The items you discover might be small, or none at all, but they could be something substantial. You just eliminated a potential physical security threat.
“Yes”, your business is large enough to schedule regular and thorough physical security risk assessments. More on the structure and timing of the assessment is below.
 
“We have regular security patrols. They will tell me if something is wrong.” 
“Yes” and “No”
It is true that for quality security teams, whether internal or contract, the officers should be providing information to the appropriate person(s) of items that could cause or be used to create a security issue. However, in most cases, security personnel on patrol, foot or vehicular, are primarily looking for immediate security issues.
The primary concern for the security officer is to protect and deter. They will not have the same emphasis on evaluating potential holes in your security that a dedicated physical security assessment would achieve. Because this is a secondary or tertiary function for the officer, items could be missed that a dedicated assessment would reveal.
Someone from the security staff can certainly be assigned to perform a good and thorough assessment, but it needs to be in a capacity where this is their only job to do for the time it takes to complete.
 
 “Can I do it myself?”
Certainly. The only real criteria needed to do an accurate assessment is to be observant with a keen eye for looking at potential issues.
If you have an assessment guide form that is used every time, it will provide where to look and what to look for. It should also be noted that this form should be reviewed by someone in security leadership a minimum of quarterly.
 
“How do you do it?”
You will need to adopt a different mindset while executing the physical security assessment. One we will call “the bad guy”. This is pretty straightforward, “the bad guy” is looking for any way they might be able to break in, create chaos, or disrupt your operations.
As you move throughout your assessment you will see things from a different perspective. Instead of “That outside door wiggles a little, but it is still locked.” You will see that door as an opportunity to get a crowbar in that ‘wiggle’ to pry it open.
Here is a basic beginning list to start work from:

• Rate of crime in your neighborhood
  • For this purpose, you can simply search “Crime Map” for your city and get the information you need.
• Types of crime most commonly committed
  • The Crime Map mentioned above will also provide this information
• Number of people with access to your facility, including after-hours access
• Number of entrances and exits to your facility
• Do you have monitoring systems in place?
  • If so, are they fully operational?
  • If not, do you need a system now?
• Personnel
  • Have they been trained in observational skills on how to detect potential issues?
  • Do they know the reporting system to pass along any information?
  • Has anyone left your company recently under less than desirable circumstances, who might hold a grudge?
• Physical structure assessment
  • Doors, windows, skylights, vents
    • Do they lock?
    • Are they locked?
    • Are they tight-fitting or do they wiggle?
    • Are they alarmed?
    • Do they need to be?
  • Lighting
  • Safe passage to the parking lot
• Record your findings
• Review for opportunities to correct and/or improve.

Your specific situation will determine how often this type of physical security risk assessment needs to occur; however, your team should complete one no less than every six months.
 
Closing notes
Do you need a Physical Security Risk Assessment? The short answer is “Yes”.
There are a lot of online templates, resources, and information on how to do these. There are companies that will offer their services to do this for a fee, and there are security companies that will do this at no charge. Please be cautious about whom you let in your facility to do a security risk assessment; they will be gathering a lot of information about your potential vulnerabilities.