Many facilities implement new security systems based on vulnerability assessment recommendations but fail to establish proper security design criteria. This can lead to systems that do not adequately address threats, are improperly designed or integrated, and increase legal liability. It is important to justify security system design through industry-standard criteria to demonstrate the level of protection is appropriate given identified threats and avoid potential negligence claims. Facilities should review existing systems and establish sound design criteria that brings their security in line with industry best practices.