This document provides a security assessment checklist to help organizations methodically prepare a comprehensive security assessment. The checklist is divided into 11 categories that cover general facility information, geographical characteristics, community factors, physical security, personnel security, information security, investigations and intelligence, operations, policies and procedures, security training, and liaison activities. Not all elements will apply to every organization, but using this checklist can help avoid redundancy and improve accountability in the security assessment process.
Security Assessment Checklist Recommendations
SEC/400 Version 4
Security Assessment Checklist
Use this Security Assessment Checklist as a resource to
methodically prepare a comprehensive security assessment. Not
all of the elements listed here will be applicable to every
organization, but working through the checklist will help you
avoid redundancy and improve accountability.
CATEGORY 1: GENERAL INFORMATION
· Nature of business or agency
· Facility name
· Address
· Survey date
· Hours of operation
· Facility contact person
· Phone number
· Fax number
· Email
· Environment survey conducted by
· Surveyor's address
· Surveyor's phone
· Surveyor's email
CATEGORY 2: GEOGRAPHICAL CHARACTERISTICS
· Political conditions
· Crime rates
· Personnel safety
· Availability of labor
· Economic conditions
· Medical treatment availability
· Public fire fighting availability
· Public utilities
· Public transportation
· Earthquake susceptibility
· Fire susceptibility
· Tornado susceptibility
· Severe weather susceptibility
CATEGORY 3: COMMUNITY
· Crime rate
· Aesthetic qualities
· Public police protection
· Fire protection
· Emergency medical services
· History of civil unrest
· Graffiti and vandalism
CATEGORY 4: PHYSICAL SECURITY
Facility Perimeter
· Fencing
· Landscaping
· Parking
· Employee parking area illumination
· Visitor parking area illumination
· Employee parking area monitoring
· Visitor parking area monitoring
· Lighting
· Vehicular traffic pattern
· Trash removal
· Protection from adjacent occupancies
· Proper signage
Building
· Description of building
· Common walls with adjacent occupancies
· Exterior door construction
· Exterior door locks
· Door lock operation
· Exterior window construction
· Window height above ground
· Window security
· Roof access restriction
· Building exterior lighting
· Shipping and receiving area monitoring
· Emergency exit
· Emergency exits unobstructed
· Interior door construction
· Interior wall construction
· Antitheft systems or mechanisms
Access Control
· Intrusion detection
· Building entrances minimized
· Employee entrance monitoring
· Visitor entrance monitoring
· Interior door locks
· Key control system
· Key sign-out and assignment system
· Keys accounted for
· Key safeguards
· Employee distinguishableness
· Visitor supervision
· Restricted access to sensitive or vulnerable areas
· Computer data storage restrictions
· Key storage area restrictions
· Mechanical and utility room restrictions
· Telecommunications room restrictions
· Mailroom restrictions
· Executive office suite restrictions
· Vendor access
· Vault or safe security
· Controlled substance security
· Hazardous material security
· Liquid asset protection
· Proper signage to direct visitors
· Alarm and Surveillance Systems
Fire Protection
· Fire alarm system
· Sprinkler system
· Fire extinguishers
· Fire suppression
· Fire alarm system testing
· Gas line protection
· Electric power cord protection
· Fire doors functional
· Flammable material storage
· Fire notification plan
· Fire evacuation plan
· Fire exits unobstructed
· Fire exits secured from outside
· In-house fire brigade
· Fire safety policy and procedures
· Address prominently displayed
CATEGORY 5: PERSONNEL SECURITY
· Employee background investigations
· Previous employer verification
· Security for personnel records
· Exit interviews upon employee termination
· Organization property retrieval at termination
· Employee and visitor safeguards against accidents, theft,
assault, and workplace violence
CATEGORY 6: INFORMATION SECURITY
· Critical information identification
· Critical information security
· Information hardcopy destruction
· Employee nondisclosure agreement in place
· Intellectual property identification
· Intellectual property security
· Client and customer list protection
· Access to computers restricted
· Access to computer transmissions restricted
· Laptop and personal computer security
· E-mail access restrictions
· Internet connection security
· Electronic document destruction procedures
· Software licensing
· Prohibition against installation of outside software
· Terminated employees immediately denied access
· Disaster recovery plan
· Duplicate data files maintained at remote location
· Password security
· Information security indoctrination and training
· Cellular phone communication protection
CATEGORY 7: INVESTIGATIONS, INTELLIGENCE, AND SECURITY
Background Investigations
· Employees (new)
· Employees (existing)
· Vendors and contractors
· Partnerships with other organizations
· Security clearances
Incident Investigations
· Investigation of any loss
· Accidents
· Safety hazards
· Crime
· Natural disasters
Intelligence
· Competition counterintelligence
· Criminal intelligence
· Foreign travel intelligence
Reporting Procedures
· Background investigations documentation
· Background investigation confidentiality
· Security activity log maintenance
· Recording of incidents
· Incident reported to proper manager and/or authority
· Adherence to reporting procedures
CATEGORY 8: OPERATIONS
· Audit procedures
· Employee locker or workstation inspections
· Accounting function separation
· Package control system
· Opening time ambush controls
· Closing time ambush controls
· Receiving area security
· Shipping area security
· Delivery driver controls
· Separation between shipping and receiving areas
· Equipment inventory
· Contractor and vendor audits
· Customer or visitor service
CATEGORY 9: POLICIES AND PROCEDURES
· Mission statement
· Vision statement
· Organizational goals
· Organizational values
· Quality improvement initiatives
· Employee code of conduct
· Employee misconduct policies
· Disciplinary procedures
· Termination procedures
· Search or inspection policies
· Removal of organization property
· Bomb threat procedures
· Evacuation procedures
· Severe weather procedures
· Natural disaster procedures
· Contraband detection
· Chemical abuse policy
· Drug testing policy
CATEGORY 10: SECURITY INDOCTRINATION AND TRAINING
· Indoctrination for new employees
· Training for existing employees
· Executive protection
· Foreign travel training
CATEGORY 11: LIAISON ACTIVITIES
· Contact with local police maintained
· Contact with sheriff maintained
· Contact with state police and highway patrol maintained
· Contact with fire department maintained
· Contact with appropriate federal agencies maintained
· Articulation and collaboration with other security
organizations