This document provides an overview of physical security best practices for protecting facilities and critical infrastructure. It discusses implementing a risk assessment and physical security program that identifies threats, assesses vulnerabilities, evaluates countermeasures, and manages risk through a continuous cycle. The document also outlines federal policies regarding critical infrastructure protection and the 18 identified critical infrastructure sectors. Key physical security technologies and an example design solution checklist for securing a data center are presented to illustrate applying security principles.

1. SECURITY
TECHNOLOGY
BEST PRACTICES
The Physical Security Risk Management Book
BY JAMES McDONALD, PSNA A PROUD MEMBER OF INFRAGARD, IFMA, ASIS & IAHSS

2. Introduction
Table of Contents Today, integrated electronic and IP security
systems can do many things. They can provide
Table of Contents 2 better security detection and confirmation, with
Introduction 2 less labor than ever before; they can work
seamlessly with other systems running within
Risk Management & Physical Security 4
the organization to alert and investigate
Critical Infrastructure Monitoring 8 activities, detect threats and automatically
Implementation 9 initiate a threat response. Over the last decade
the integration and use of physical security
Policy Basics 11 solutions as a Risk Management and Asset
Non-Compliance 11 Management tool has reduced theft, fraud and
Identification Procedures 12
violence by huge numbers. In most cases the
return on investment (ROI) of these systems,
Summary 12 used correctly, has been in months and weeks
Appendix A: Understanding Physical not in years. My goal here is to discuss how my
associates and I have been successful in
Access Control Solutions 14
multiple industries providing these solutions and
Site Survey for Access Systems 18 at the same time improving the overall security,
Physical Security Data or Key Facility productivity and profits of our clients.
Assessment Checklist 20
For thousands of years man has developed
Contact Information 46 systems and countermeasures to protect
assets, whether buildings,
people, food supplies, etc. What
we do in the security industry is
to constantly improve and
Disclaimer update those countermeasures
to keep pace with those who
Reference to any specific commercial product, would do you harm physically,
process or service by trade name, trademark financially or emotionally for their
manufacturer, or otherwise, does not constitute
or imply its endorsement, recommendation, or
own personal or organizational
favoring by American Alarm and gain. Where 2,000 years a
Communications, Inc. or INFRAGARD. The Roman Centurion may have protected the
views and opinions of author expressed within assets of the time, today
this document shall not be used for advertising
or product endorsement purposes. we can use wireless
camera systems and
To the fullest extent permitted by law, the author audio, which is monitored
accepts no liability for any loss or damage
(whether direct, indirect or consequential and 24/7/365 days per year
including, but not limited to, loss of profits or through a central
anticipated profits, loss of data, business or command center to
goodwill) incurred by any person and howsoever
caused arising from or connected with any error
protect any asset at any
or omission in this document or from any person time, almost anywhere.
acting, omitting to act or refraining from acting
upon, or otherwise using, the information Since 911, to address the threat posed by those
contained in this document or its references.
You should make your own judgment as regards who wish to harm the United States or their own
use of this document and seek independent employees, critical infrastructure owners and
professional advice on your particular operators today are continually assessing their
circumstances. © 2012 by James E. McDonald
policies, procedures, vulnerabilities and
increasing their investment in security. State
2|Page

3. and municipal governments across the Homeland Security Presidential Directives 7
country continue to take important steps and 8 are putting pressure on public and
to identify and assure the protection of private locations, and managed services
key assets and services within their entities to comply with a myriad amount of
jurisdictions. security and privacy issues. Within the broad
concept of the United States' national and
Federal departments and agencies are homeland security policies are several specific
working closely with industry to take policies which focus on a specific aspect of
stock of key assets and facilitate national or homeland security. These policies
protective actions, while improving the include: the National Security Strategy, the
timely exchange of important security National Infrastructure Protection Plan, the
related information. The Office of National Health Security Strategy, the
Homeland Security is working closely National Strategy for Physical Protection of
with key public- and private-sector Critical Infrastructure and Key Assets, the
entities to implement the Homeland National Strategy for Homeland Security, the
Security Advisory System across all National Counterintelligence Strategy of the
levels of government and the critical United States, the National Strategy to
sectors. Secure Cyberspace, and the National Military
Strategy of the United States of America.
As a proud member if INFRAGARD, and Each of these strategies form a part of the
their goal to promote ongoing dialogue overall national and homeland security policies
and timely communication between of the United States, and in combination defines
members and the FBI. My team and I how the United States acts to protect itself from
work hard every day to help those in key enemies, both foreign and domestic.
sectors protect their facilities,
employees and visitors from internal and Homeland Security Presidential Directive 7
external threats. In today's ever- (HSPD-7) & Physical Protection of Critical
growing regulatory compliance Infrastructure and Key Assets identified 18
landscape, organization can greatly critical infrastructure and key resources (CIKR)
benefit from implementing viable and sectors. Each sector is responsible for
proven physical security best practices developing and implementing a Sector-Specific
for their organization. Plan (SSP) and providing sector-level
performance feedback to the Department of
There are plenty of complicated Homeland Security (DHS) to enable gap
documents that can guide companies assessments of national cross-sector CIKR
through the process of designing a protection programs. SSAs are responsible for
secure facility from the gold-standard collaborating with public and private sector
specs used by the federal government security partners and encouraging the
to build sensitive facilities like development of appropriate information-sharing
embassies, to infrastructure standards and analysis mechanisms within the sector.
published by industry groups like the
Telecommunications Industry These Industry Sectors are broken down as
Association, to safety requirements from follows:
the likes of the National Fire Protection  Agriculture and Food
Association.  Banking and Finance
 Chemical
Recent federal legislation, ranging from  Commercial Facilities
the Gramm-Leach Bliley Act (GLBA),  Communications
the Health Insurance Portability and  Critical Manufacturing
Accountability Act (HIPAA) and The  Dams
Sarbanes Oxley Act of 2002 (SOX)
3|Page

4.  Defense Industrial Base
 Emergency Services
 Energy
 Government Facilities
 Healthcare and Public Health
 Information Technology
 National Monuments
 Nuclear Reactors, Materials,
and Waste
 Postal and Shipping
 Transportation
 Water
As a Physical Security Professional the
The Risk Assessment or Physical Security
tools we use may be the same or similar Assessment
in each sector, however the integration,
policies, goals and solution may differ.
This document is dedicated to give you
a basic overview of the different
technologies we us and some examples
Assess Identify
of how they have been used. If you Vulnerabilities Threats
have specific needs, questions and
concerns, please contact the author or a
security professional to learn more
about your needs.
Risk & Physical
Risk Management & Physical Security Management
Security Cycle
The use of appropriate physical security
technology measures can prevent or Implement Evaluate
deter a wide variety of insider and Countermeasures Countermeasures
external attacks, from staff fraud through
to the facilitation or conduct of a terrorist
attack. However, these counter-
measures can also be costly, so it is
important that they are implemented in a
way that reflects the severity of the risk.
Risk Management provides a systematic
The Risk Assessment & Physical Security
basis for proportionate and efficient
Assessment is the first step in the process to
security. From the moment an
protect any facility or location and justify the
individual arrives on the grounds and
investment in that protection. The Risk
walks through the doors, the following
Assessment or Physical Security Assessment
items should be part of a physical
process is the same they incorporate identifying
security best practices program for any
threats and assessing vulnerabilities then
facility.
evaluating and implementing countermeasures.
In this context, risk is usually understood to be
the product of two factors: the likelihood of an
event occurring, and the impact that the event
4|Page

5. would have. When each of these has Opportunity is a combination of the access that
been evaluated, they are combined to an insider has to an organization’s assets (by
provide an overall measure of risk. virtue of their role or position), together with the
Then we use our security technology vulnerability of the environment (for example,
countermeasures to further reduce the an environment that is constantly supervised or
opportunity and risk. monitored by CCTV cameras is less vulnerable
to some insider threats than an environment
Likelihood can be further broken down which is not subject to these controls). Impact
into three factors: intent, capability and should be considered in terms of the value of
opportunity. Intent is a measure of the the assets affected and any wider
insider’s determination to carry out the consequences. For example, insider fraud can
attack, while capability is the degree to have both financial and reputational impacts.
which the insider possesses the skills,
knowledge and resources to be Levels of risk assessment
successful in the attempt. I my study of
fraud as a member of the Association of There are three levels at which personnel
Certified Fraud Examiners (ACFE) I security risk assessments can be conducted:
learned that according to Donald R.
Cressey (April 27, 1919 – July 21, 1987) 1. Organization
who was an American penologist, 2. Group
sociologist, and criminologist who made 3. Individual
innovative contributions to the study of
organized crime, prisons, criminology, The first examines and prioritizes the types of
the sociology of criminal law, white- insider threats that are of concern to the
collar crime. He is also known as the organization as a whole, the second focuses on
farther of the Fraud Triangle which groups of employees with differing levels of
states that there are three factors that opportunity to commit the threats, while the
need to exist for someone to commit third deals with each employee on an individual
fraud. They are Motive or Financial basis.
Pressure, Rationalization and
Opportunity. Some things we can Most risk practitioners will find it helpful to start
control and others we cannot, I have with the simplest and highest level approach,
always focused on eliminating the the organization level risk assessment, which
Opportunity. My goal is to create the provides a useful overview of the threats facing
Perception of Detection with the the organization and an opportunity to review
security technology to stop fraud and countermeasures in general. The group level
other crimes. Besides a terrorist who is assessment will require a greater commitment
willing to die for their cause, most of time and effort, but can yield significant
people, in my experience will think twice insight into the groups of employees that give
or find another target if they feel they will most cause for concern and the proportionate
be unsuccessful or caught. application of countermeasures within the
organization. The individual level assessment is
the most labor intensive of all, looking at every
employee in turn to determine their combined
opportunity and insider potential (i.e. threat and
susceptibility).
The levels of risk assessment that you use will
depend on the threats faced by your
organization and the nature of the workforce. It
5|Page

6. is important that you understand the Design Solution Check List
way in which the three approaches The following are some key examples of points
support different types of decision. For to consider when building a new data center. I
example, if the organizational risk use this as an example because Physical and
assessment reveals that there is a Cyber Strategies share common underlying
negligible threat to the organization from policy objectives and principles. The first
an insider bringing a bomb into the objective of this Strategy is to identify and
building, this may rule out the need for assure the protection of those assets, systems,
baggage checks on entry to the site. and functions that are deemed most “critical” to
Alternatively, the group level the organization. Almost every facility today
assessment could reveal that certain has data access or data storage and in many
employees, due to their role in the cases the “Data Room or Closet” is one of the
organization, have regular access to least secured locations in the facility and is the
highly confidential or sensitive most vulnerable. The liability of data loss for
information, and they may therefore almost every organization is astronomical. The
require higher levels of supervision in customer or personal data, organizational
the office. If, at the individual level, a confidential information or trade secrets could
particular employee is considered to destroy an organization without firing a shot.
have high insider potential and a high Most MDF rooms or main equipment room is
level of opportunity, then an individually where inside and outside cables and conduit
tailored risk management plan might be terminate. It is usually referred to as the MDF
required. (Main Distribution Frame) are accessible by
everyone in the organization from the
The remaining two stages are receptionist to the janitor.
implementation, which involves putting
the new countermeasures identified by So, as you read through this next section, apply
the risk or security assessment into the principles to your facility and think of how
operation, and evaluation, during which you could enhance you security to reduce your
the effectiveness of the counter- risk of loss.
measures is reviewed. The lists of
assumptions made during the risk Build on the Right Spot
assessment will prove particularly useful Be sure the building is some distance from
during this evaluation. headquarters (20 miles is typical) and at least
100 feet from the main road. Bad neighbors:
Depending on how much time has airports, chemical facilities, power plants. Bad
passed since the risk assessment, the news: earthquake fault lines and (as we've seen
evaluation stage should also show that all too clearly this year) areas prone to
the threats identified either have or have hurricanes and floods. And scrap the "data
not been reduced by the counter- center" sign.
measures you have introduced. It is
worth bearing in mind, however, those Restrict Area Perimeter
factors outside your control, such as the
Secure and monitor the perimeter of the facility.
current threat level, or economic,
political and social issues, may also Have Redundant Utilities
have an influence. These same factors
are likely to introduce new threats to be Data centers need two sources for utilities, such
addressed in future assessments. as electricity, water, voice and data. Trace
electricity sources back to two separate
substations and water back to two different
main lines. Lines should be underground and
should come into different areas of the building,
6|Page

7. with water separate from other utilities. default, and lowered only when someone has
Use the data center's anticipated power permission to pass through.
usage as leverage for getting the
electric company to accommodate the Plan for Bomb Detection
building's special needs. For data facilities that are especially sensitive or
likely targets, have guards use mirrors to check
Deter, Detect, and Delay underneath vehicles for explosives, or provide
Deter, detect, and delay an attack, portable bomb-sniffing devices. You can
creating sufficient time between respond to a raised threat by increasing the
detection of an attack and the point at number of vehicles you check, perhaps by
which the attack becomes successful. checking employee vehicles as well as visitors
and delivery trucks.
Pay Attention to Walls
Foot-thick concrete is a cheap and Limit Entry Points
effective barrier against the elements Control access to the building by establishing
and explosive devices. For extra one main entrance, plus a back one for the
security, use walls lined with Kevlar. loading dock. This keeps costs down too.
Avoid Windows Make Fire Doors Exit Only
Think warehouse and not an office For exits required by fire codes, install doors
building. If you must have windows, that don't have handles on the outside. When
limit them to the break room or any of these doors is opened, a loud alarm
administrative area, and use bomb- should sound and trigger a response from the
resistant laminated glass. security command center.
Use Landscaping for Protection Use Plenty of Cameras
Trees, boulders and gulleys can hide Surveillance cameras should be installed
the building from passing cars, obscure around the perimeter of the building, at all
security devices (like fences), and also entrances and exits, and at every access point
help keep vehicles from getting too throughout the building. A combination of
close. Oh, and they look nice too. motion-detection devices, low-light cameras,
pan-tilt-zoom cameras and standard fixed
Keep a 100-foot Buffer Zone around the cameras is ideal. Footage should be digitally
Site recorded and stored offsite.
Where landscaping does not protect the
building from vehicles, use crash-proof Protect the Building's Machinery
barriers instead. Bollard planters are Keep the mechanical area of the building, which
less conspicuous and more attractive houses environmental systems and
than other devices. uninterruptible power supplies, strictly off limits.
If generators are outside, use concrete walls to
Use Retractable Crash Barriers at Vehicle secure the area. For both areas, make sure all
Entry Points contractors and repair crews are accompanied
Control access to the parking lot and by an employee at all times.
loading dock with a staffed guard station
that operates the retractable bollards. Personnel Surety
Use a raised gate and a green light as Perform appropriate background checks on and
visual cues that the bollards are down ensure appropriate credentials for facility
and the driver can go forward. In personnel, and, as appropriate, for unescorted
situations when extra security is visitors with access to restricted areas or critical
needed, have the barriers left up by assets.
7|Page

8. Plan for Secure Air Handling If someone tries to sneak in behind an
Make sure the heating, ventilating and authenticated user, the door gently revolves in
air-conditioning systems can be set to the reverse direction. (In case of a fire, the walls
recirculate air rather than drawing in air of the turnstile flatten to allow quick egress.)
from the outside. This could help protect
people and equipment if there were A "mantrap"
some kind of biological or chemical Provides alternate access for equipment and for
attack or heavy smoke spreading from a persons with disabilities. This consists of two
nearby fire. For added security, put separate doors with an airlock in between. Only
devices in place to monitor the air for one door can be opened at a time, and
chemical, biological or radiological authentication is needed for both doors.
contaminant.
At the Door to an Individual Computer
Ensure nothing can hide in the walls and Processing Room
ceilings This is for the room where actual servers,
In secure areas of the data center, make mainframes or other critical IT equipment is
sure internal walls run from the slab located. Provide access only on an as-needed
ceiling all the way to subflooring where basis, and segment these rooms as much as
wiring is typically housed. Also make possible in order to control and track access.
sure drop-down ceilings don't provide
hidden access points. Watch the Exits Too
Monitor entrance and exit—not only for the
Use two-factor Authentication main facility but for more sensitive areas of the
Biometric identification is becoming facility as well. It'll help you keep track of who
standard for access control to sensitive was where, when. It also helps with building
areas of data centers, with hand evacuation if there's a fire..
geometry or fingerprint scanners usually
considered less invasive than retinal Prohibit Food in the Computer Rooms
scanning. In other areas, you may be Provide a common area where people can eat
able to get away with less-expensive without getting food on computer equipment.
access cards.
Install Visitor Rest Rooms
Harden the Core with Security Layers Make sure to include rest rooms for use by
Anyone entering the most secure part of visitors and delivery people who don't have
the data center will have been access to the secure parts of the building.
authenticated at least three times,
including at the outer door. Don't forget Critical Infrastructure Monitoring
you'll need a way for visitors to buzz the "Critical infrastructure" is defined by federal law
front desk (IP Intercom works well for as "systems and assets, whether physical or
this). At the entrance to the "data" part virtual, so vital to the United States that the
of the data center. At the inner door incapacity or destruction of such systems and
separates visitor area from general assets would have a debilitating impact on
employee area. Typically, this is the security, national economic security, national
layer that has the strictest "positive public health or safety, or any combination of
control," meaning no piggybacking those matters.
allowed. For implementation, you have
two options: The Information Technology (IT) Sector is
central to the nation's security, economy, and
-A floor-to-ceiling turnstile public health and safety. Businesses,
governments, academia, and private citizens
8|Page

9. are increasingly dependent upon IT Implementation
Sector functions. These virtual and Use a proven integrator who can utilize and
distributed functions produce and integrate mutable solutions to create a physical
provide hardware, software, and IT security compliance and risk management
systems and services, and—in solution that can automate and enforce physical
collaboration with the Communications security policies, from restricting area perimeter
Sector —the Internet. and securing site assets to personnel surety
and reporting of significant security incidents;
Communication between your business this helps to ensure both governance and
alarm system and our Monitoring Center compliance utilizing an organization’s existing
is a critical part of your protective physical security and IT infrastructure.
system. Require an Underwriters’
Laboratories (U.L.) Listed Monitoring This can centrally manage all regulations and
Center with sophisticated associated controls and automate assessment,
communications operation. remediation and reporting as per defined review
cycles. Automatically trigger compliance-based
In the event of an alarm, the actions, such as rule-based generation of
CPU in your security system sends an actions/penalties, based on physical access
alarm signal to the monitoring facility events. Correlate alarms and identities to better
through the phone lines, or thru the manage situations and responses across the
network with AES radio or cellular back- security infrastructure. Incorporate real-time
up communications. The signal is then monitoring and detailed risk analysis tools to
retrieved by the monitoring center, and instantly enforce, maintain and report on
the operators quickly notify the compliance initiatives
appropriate authorities, as well as the
designated responder, of the Key External Technology Measures
emergency.
Entry Point
Monitoring Capabilities Data centers are generally designed with a
 Fire central access point that’s used to filter
 Hold-Up employees and visitors into the data center.
 Intrusion All requests are vetted by a security guard with
 Halon/Ansul an intercom link to ensure that they have a
 Panic/Ambush legitimate reason for entering the premises.
 Man Down
Automatic Bollards
 Elevator Phones
 Off-Premises Video As an alternative to a guard-controlled gate,
 HVAC/Refrigeration automatic bollards can be used at entry points.
 Sprinkler/Tamper/Flow These short vertical posts pop out of the ground
to prevent unauthorized vehicles from driving
 Power Loss/Low Battery
onto the site. When a vehicle’s occupants are
 Gas/Hazardous Chemicals
verified by a guard, an access card or other
 Water Flow/Flood Alarms secure process, the bollards are quickly
 Environmental Devices lowered to allow the vehicle to enter. When in
(CO2/CO/ETC.) the lowered position, the top of each bollard is
 Radio/Cellular Back-Up flush with the pavement or asphalt and
Communications completely hidden. The bollards move quickly
and are designed to prevent more than one
vehicle from passing through at any one time.
9|Page

10. Closed-Circuit TV or IP Video the second one opens. In a typical mantrap, the
External video cameras, positioned in visitor needs to first “badge-in” and then once
strategic locations, including along inside must pass a biometric screening in the
perimeter fencing, provide efficient and form of an iris scan.
continuous visual surveillance. The
cameras can detect and follow the Access Control List
activities of people in both authorized Defined by the data center customer, an access
and “off limits” locations. In the event control list includes the names of individuals
someone performs an unauthorized who are authorized to enter the data center
action or commits a crime, the digitally environment. Anyone not on the list will not be
stored video can supply valuable granted access to operational areas.
evidence to supervisors, law
enforcement officials and judicial Badges and Cards
authorities. For added protection, the Visually distinctive badges and identification
video should be stored off-site on a cards, combined with automated entry points,
digital video recorder (DVR). ensure that only authorized people can access
specific data center areas. The most common
Key Internal Technology Measures identification technologies are magnetic stripe,
proximity, barcode, smart cards and various
Lobby Area biometric devices.
With proper software and surveillance
and communications tools, a staffed Guard Staff
reception desk, with one or more A well-trained staff that monitors site facilities
security guards checking visitors’ and security technologies is an essential
credentials, creates an invaluable first element in any access control plan.
line of access control.
Loading and Receiving
Surveillance
For full premises security, mantraps, card
Like their external counterparts, internal readers and other access controls located in
cameras provide constant surveillance public-facing facilities also need to be
and offer documented proof of any duplicated at the data center’s loading docks
observed wrongdoing. and storage areas.
Biometric Screening Operational Areas
Once the stuff of science fiction and spy The final line of physical protection falls in front
movies, biometric identification now of the data center’s IT resources. Private cages
plays a key role in premises security. and suites need to be equipped with dedicated
Biometric systems authorize users on access control systems while cabinets should
the basis of a physical characteristic that have locking front and rear doors for additional
doesn’t change during a lifetime, such protection.
as a fingerprint, hand or face geometry,
retina or iris features. Humans are the weakest link in any security
scheme. Security professionals can do their
Mantrap best to protect systems with layers of anti-
Typically located at the gateway malware, personal and network firewalls,
between the lobby and the rest of the biometric login authentication, and even data
data center, mantrap technology encryption, but give a good hacker (or computer
consists of two interlocking doors forensics expert) enough time with physical
positioned on either side of an enclosed access to the hardware, and there’s a good
space. The first door must close before chance they’ll break in. Thus, robust physical
10 | P a g e

11. access controls and policies are critical  Authenticate individuals with regular access
elements of any comprehensive IT requirements through the use of their
security strategy. assigned permanent authenticator.
 Authenticate individuals with occasional
According to a report by the SANS access requirements through the use of a
Institute, “IT security and physical personal identification mechanism that
security are no longer security silos in includes name, signature and photograph.
the IT environment; they are and must
be considered one and the same or, as Step 2
it should be called, overall security.” Verify that work to be performed has been pre-
approved or meets emergency response
It is the innermost layer—physical entry procedures:
to computer rooms—over which IT  Verify against standard Change Control
managers typically have responsibility, procedures.
and the means to have effective control  Verify against standard Maintenance
over human access focuses on a set of procedures.
policies, procedures, and enforcement
mechanisms. Step 3
Policy Basics Make use of logs to document the coming and
goings of people and equipment:
Given their importance and ramifications
on employees, access policies must  Assign the responsibility for the
come from the top leadership. After maintenance of an access log that records
setting expectations and behavioral personnel access. Record the following:
ground rules, actual data center access  Date and time of entry.
policies have several common  Name of accessing individual and
elements. The most essential are authentication mechanism.
definitions of various access levels and  Name and title of authorizing individual.
procedures for authenticating individuals  Reason for access.
in each group and their associated  Date and time of departure.
privileges and responsibilities when in
the data center.  Assign the responsibility for the
maintenance of a delivery and removal log
Step 1 that records equipment that is delivered to
Authorize, identify and authenticate or removed from facilities; Record the
individuals that require physical access: following:
 Identify the roles that require both  Date and time of delivery/removal.
regular as well as occasional  Name and type of equipment to be
physical access and identify the delivered or removed.
individuals that fill these roles.  Name and employer of the individual
 Provide standing authorization and a performing the delivery/removal and the
permanent authenticator to authentication mechanism used.
individuals that require regular  Name and title of authorizing individual.
access.  Reason for delivery/removal.
 Require individuals that require
occasional access to submit a Non-Compliance
request that must be approved prior Violation of any of the constraints of these
to access being attempted or policies or procedures should be considered a
allowed. security breach and depending on the nature of
the violation, various sanctions will be taken:
11 | P a g e

12.  A minor breach should result in cards. I also recommend using time-stamped
written reprimand. video surveillance in conjunction with electronic
 Multiple minor breaches or a access logs and a sign-in sheet to provide a
major breach should result in paper trail.
suspension.
 Multiple major breaches should Access levels and controls, with identification,
result in termination. monitoring, and logging, form the foundation of
an access policy, but two other major policy
Although older data centers typically just elements are standards of conduct and
consisted of a large, un-partitioned behaviors inside the data center such as:
raised-floor area, newer enterprise prohibitions on food and beverages or
facilities have taken a page from ISP tampering with unauthorized equipment,
designs by dividing the space into limitations and controls on the admission of
various zones—for example, a cage for personal electronics such as USB thumb drives,
high-availability servers, another area laptops, Smartphones, or cameras are critical.
for Tier 2 or 3 systems, a dedicated
network control room, and even Policies should also incorporate processes for
separate areas for facilities granting access or elevating restriction levels,
infrastructure such as PDUs and an exception process for unusual situations,
chillers. Such partitioned data centers sanctions for policy violations, and standards
provide control points for denying for reviewing and auditing policy compliance.
access to personnel with no Stahl cautions that penalties for noncompliance
responsibility for equipment that’s in will vary from company to company because
them. they must reflect each enterprise’s specific risk
tolerance, corporate culture, local employment
Identification Procedures laws, and union contracts.
The next step in a physical security
policy is to set up controls and Summary
identification procedures for It’s time to get physical—as in physically
authenticating data center users and protecting a data center and all of its assets.
granting them physical access. Although The need for ironclad virtual security measures,
biometric scanners look flashy in the such as managed firewalls, is well known. Yet
movies and certainly provide an added physical security is often placed on the back
measure of security, a magnetic stripe burner, largely forgotten about until an
badge reader is still the most common unauthorized party manages to break into or
entry technology, as it’s simple, cheap, sneak onto a site and steals or vandalizes
and effective and allows automated systems.
logging, which is a necessary audit trail.
One problem with magnetic readers, Today’s security systems include:
according is their susceptibility to  Intrusion and Monitoring Systems
tailgating, or allowing unauthorized  Access Control Systems
personnel to trail a colleague through an  Visitor Management Systems
entryway. That’s why we advise  Surveillance Systems
supplementing doors and locks with  Emergency Communications Systems
recorded video surveillance.  PISM Software Platforms
I also like to add a form of two-factor
authentication to entry points by The newest of these is the PISM or Physical
coupling a card reader (“something you Security Information Management system.
have”) with a PIN pad (“something you
know”), which reduces the risks of lost
12 | P a g e

13. Physical Security Information Geo-Location Engine
Management (PISM) The Geo Location Engine provides spatial
recognition for geo-location of devices and supports
situation mapping functionality. The physical
The PSIM Platform enables the position of devices is stored in an internal knowledge
integration and organization of any base as GIS/GPS positions or building coordinates.
number and type of security devices or The engine uses the information to determine
systems and provides a common set of relevance, selects, and relate devices involved in a
services for analyzing and managing the given situation. The system uses the information to
incoming information. It also serves as overlay graphical representations of security assets
the common services platform for video and activities onto Google-type maps or building
and situation management applications. layouts.
Routing Engine
Effectively maintaining security of critical
infrastructure does not happen by The Routing Engine is an intelligent switch that
accident, it means giving your security connects any security device to PISM command
interfaces or output device(s) and accommodates
professionals the best security/software
any required transformation of formats and protocols
tools available today. By unifying your between connected devices. In most cases, devices
existing surveillance system and connect directly to each other and exchange data
providing spatial context to your camera streams directly, avoiding possible bottlenecks that
feeds, PISM brings out the best of your would arise from routing all traffic through a single
equipment. centralized server. An internal knowledge base of
all connected devices and their characteristics is
To investigate day-to-day incidents, as maintained by the Routing Engine, which uses that
well as prepare for emergency information to ensure a viable communication path,
situations, the security department compatibility of signal format and acceptable quality
of service.
makes use of a vast network of video
cameras, access control points, Rules Engine
intercoms, fire and other safety systems.
PISM unifies all of these disparate The PSIM Platform contains a powerful Rules
feeds, including systems from diverse Engine that analyzes event and policy
manufacturers, into a single decision- information from multiple sources to correlate
oriented Common Operating Picture. events, make decisions based upon event
Within the PSIM Platform are five key variables and initiate activities.
components:
Dispatch Engine
Integration Services The Dispatch Engine integrates with
communications infrastructure to initiate
Multiple strategies are used for
external applications or the transmission of
connection, communication with, and
messages, data and commands. Dispatch
management of installed devices and
actions are automatically triggered by the rules
systems from multiple vendors. The
engine as it executes recommendations for
PSIM Platform offers complete support
situation resolution. Operators can manually
for the industry’s most commonly-used
initiate actions as well.
device types – out of the box. In
addition, it employs customizable
The key benefits of today’s technology is
“pipeline” architecture to receive device
allowing system users to do more with less by
events. Network connectivity is achieved
getting maximum benefits through integrated
using combinations of multiple
technologies with each system (Both new and
communications protocols.
old) and with the goals of company policies and
procedures like never before.
13 | P a g e

14. Appendix A: Understanding Physical Access Control Solutions
SOLUTION STRENGTHS WEAKNESSES COMMENTS
KEYS •Most traditional form of • Impossible to track if • Several solutions are
access control they are lost or stolen, currently available on
• Easy to use which leaves facility the market to manage
• Don’t require power for vulnerable keys and keep key
operation • Potential for holders accountable.
unauthorized sharing of
keys
• Difficult to audit their use
during incident
investigations
• Difficult to manage on
large campuses with
multiple doors
• Re-coring doors when a
key is lost or stolen is
expensive
LOCKS • Easy installation • Power always on (fail- • DC only
• Economical safe) • Comes in different
Maglock • Easy retrofit • Typically requires exit “pull” strengths
• Quiet operation device to break circuit • Check extra features,
Electric • Requires backup power such as built in door
Strike supply for 24-hour service sensor
• Can be either fail-secure
or • Door/lock hardware • Requires more door
fail-safe experience needed hardware experience
• Does not need constant than Maglock
power • Specify for life-safety
• Door knob overrides for requirements
safe exit • Can be both AC and
DC (DC lasts longer)
• Fail-safe must have
power backup
• Fail-secure most
popular
ACCESS CARDS • Access rights can be • Prone to piggybacking / • Can incorporate a
denied without the expense tailgating (when more than photo ID
of re-coring a door and one individual enters a component
issuing a new key secure area using one • Can be used for both
• Can limit access to a access card or an physical and logical
building to certain times of unauthorized person access control
the day follows an authorized • Card readers should
• Systems can provide person into a secure area have battery backup in
audit trails for incident • Users can share cards the event of power
investigations with unauthorized persons failure
• Cards can be stolen and • Tailgate detection
Magnetic used by unauthorized products, video
Stripe individuals surveillance, analytics
• Systems are more and security officers
expensive to install than can address tailgating
traditional locks issues
• Require power to • Can integrate with
operate video surveillance,
Proximity • Inexpensive to issue or intercoms and intrusion
replace detection systems for
14 | P a g e

15. enhanced security
• Not as secure as
Smart proximity cards or smart
Card cards • These are the most
• Can be duplicated with commonly used access
• Durable relative ease control cards by US
• Convenient • Subject to wear and tear campuses and facilities
• More difficult to
compromise • Cost more than
than magstripe cards magstripe cards
• Less wear and tear issues • Easier to compromise • Are widely used for
than smart cards access control
• Multiple application (although not as widely
functionality (access, as magstripe)
cashless vending, library • Currently the most
cards, events) expensive card access • Not as widely
• Enhanced security option on the market adopted as magstripe
through or proximity cards due
encryption and mutual to cost
authentication • Widely adopted in
• Less wear and tear issues Europe• Can
incorporate biometric
and
additional data such as
Photo and ATM
PIN NUMBERS • Easy to issue and change • Can be forgotten • Should be changed
(Pass codes) • Inexpensive • Difficult to manage when frequently to ensure
there are many passwords security
for different systems • Often used in
• Can be given to conjunction with other
unauthorized users access control
• Prone to tailgating/ solutions, such as
piggybacking cards or biometrics
DOOR ALARMS • Provide door intrusion, • Will not reach hearing • Appropriate for any
door forced and propped impaired without monitored door
door detection modifications application, such as
• Reduce false alarms • Will not detect tailgaters emergency exits
caused by unintentional • Door bounce can cause • Used in conjunction
door propping false alarms with other access
• Encourage staff and control solutions, such
students to maintain as card readers or
access control procedure keys
• Can be integrated
with video
surveillance for
enhanced security
TAILGATE/PIGGYBA • Monitor the entry point • Not intended for large • Appropriate for any
CK DETECTORS into secure areas utility cart and equipment monitored door
• Detect tailgate violations passage (which could application where a
(allow only one person cause the system to go higher degree of
to enter) into false alarm) security is needed,
• Detect when a door is • Not for outdoor use such as data centers,
propped research laboratories,
• Mount on the door frame etc
• Easy to install • Used in conjunction
with other access
control solutions, such
as card readers
• Can be integrated
with video surveillance
for enhanced security
PUSHBUTTON • Many button options • Anyone can press the • Used to release door
15 | P a g e

16. CONTROLS available release button (unless and shunt alarm
• Normally-open/Normally using a keyed button), so • Used for emergency
closed momentary contacts button must be positioned exits when
provide fail-safe manual in a secure location (for configured to fail-safe
override access • May be used in
• Time delay may be field control, not for life-safety) conjunction with
adjusted for 1-60 seconds • Some can be defeated request to exit (REX)
easily for door alarms and life
• Can open door to safety
stranger when • Still may require
approaching from inside mechanical device exit
button to meet life-
safety code
• With REX, careful
positioning and
selection required
MULTI-ZONE • Display the status of • 12 VDC only special • Designed to monitor
ANNUNCIATORS doors order 24 VDC option multiple doors from
and/or windows throughout • Door bounce can cause a single location
a monitored facility false alarms • May be used in
• Alert security when a door • Requires battery backup conjunction with door
intrusion occurs in case of power alarms, tailgate
• Many options available: failure detection systems and
zone shunt, zone relay and optical turnstiles
zone supervision • No annunciation at
the door; only at the
monitoring station
FULL HEIGHT • Provides a physical • Physical design ensures • Designed for
TURNSTILES barrier to a reasonable degree indoor/outdoor
at the entry location that only one authorized applications
• Easy assembly person will enter, but it will • Used in parking lots,
• Easy maintenance not detect tailgaters football fields and
• Available in aluminum along fence lines
and • Use with a
galvanized steel conventional access
control device like a
card reader
OPTICAL • Appropriate for areas with • Can be climbed over • Used in building
TURNSTILES a lot of pedestrian traffic • Not for outdoor use lobby and elevator
• Detects tailgating corridor applications
• Aesthetically pleasing and • Use with a
can be integrated into conventional access
architectural designs control device like a
• Doesn’t require separate card reader
emergency exit • To ensure
• Provides good visual and compliance, deploy
audible cues to users security officers and
video surveillance
BARRIER ARM • Appropriate for areas with • Units with metal-type • Used in building
TURNSTILES a lot of pedestrian traffic arms can be climbed over lobby and elevator
(Glass gate or • Provides a visual and or under corridor applications
metal arms) psychological barrier while • Not for outdoor use • Use with a
communicating to • Most expensive of the conventional access
pedestrians turnstile options control device like a
that authorization is • Requires battery backup card reader
required to gain access in case of power failure • To ensure
• Detects tailgating compliance, deploy
• Reliable security officers and
video surveillance
16 | P a g e

17. • Battery backup is
recommended
BIOMETRICS • Difficult to replicate • Generally much more • Except for hand
identity expensive than locks or geometry, facial and
because they rely on card access solutions finger solutions,
unique • If biometric data is biometric technology is
physical attributes of a compromised, the issue is often appropriate for
person (fingerprint, hand, very difficult to address high-risk areas
face or retina) requiring enhanced
• Users can’t forget, lose or security
have stolen their biometric
codes
• Reduces need for
password
and card management
INTERCOMS • Allow personnel to • Will not reach hearing • Appropriate for visitor
communicate with and impaired without management,
identify visitors before modifications afterhours visits,
allowing them to enter a • Not appropriate for loading docks,
facility entrances requiring stairwells, etc.
• Can be used for throughput of many • Use with conventional
emergency and non- people in a small amount access control
emergency of time solutions, such as keys
communications or access cards
• IP solutions today offer • Video surveillance
powerful communications solutions can provide
and backup systems with visual verification of a
integration visitor
17 | P a g e

18. Sample
Site Survey for Access Control Systems
Date Customer Name
Contact Name Email Address
Street City
State Zip Phone
Y
Time and /
DVR Y/N Elevator Control Y/N Photo Badging Y/N
Attendance N
Access Control
Number of Locations
Communications Method Encryption Y/N
Number of Reader Controlled Doors
Number of Controlled Doors without Readers
Number of Monitored only Doors
Number of Egress Devices
Type of Readers
Type of Cards
Type of Egress Devices
Number of Outputs for other use
Number of Inputs for other use
Number of PCs
Elevator Control
Number of Elevators Cabs to be controlled
Number of Floors to be controlled in each Cab
Photo ID Badging
Number of Badging workstations
Type of Image Gathering File Import / Live Video Capture
Number and Type of Printers
Time and Attendance
Number of Clock in Out Readers
Number of Time Display Modules
Digital Video Recorder Integration
Type of Video System to Integrate with
18 | P a g e

19. 19 | P a g e

20. Physical Security Data or Key Facility Assessment Checklist
1. Site
2. Architectural
3. Structural Systems
4. Building Envelope
5. Utility Systems
6. Mechanical Systems
7. Plumbing and Gas Systems
8. Electrical Systems
9. Fire Alarm Systems
10. Communications and Information Technology Systems
11. Equipment Operations and Maintenance
12. Security Systems
13. Security Master Plan
20 | P a g e

21. Assessment Question Assessment Guidance Assessment Comment
ITEM
1 The Site
1.1
What major structures surround
the facility?
1.2
What are the site access points
to the facility?
1.3 What are the existing types of
anti-ram devices for the facility?
1.4 What is the anti-ram buffer zone Anti-ram protection may be
standoff distance from a building provided by adequately designed:
to unscreened vehicles or bollards, street furniture,
parking? sculpture, landscaping, walls and
fences.
1.5 Are perimeter barriers capable If the recommended distance is
of stopping vehicles? not available consider structural
hardening, perimeter barriers and
parking restrictions; relocation of
vulnerable functions within or
away from the building;
operational procedures,
acceptance of higher risk.
1.6 Does site circulation prevent
high-speed approaches by
vehicles?
1.7 Are there offsetting vehicle
entrances from the direction of a
vehicle’s approach to force a
reduction of speed?
1.8 Is there space for inspection at Design features for the vehicular
the curb line or outside the inspection point include: vehicle
protected perimeter? What is the arrest devices that prevent
minimum distance from the vehicles from leaving the
inspection location to the vehicular inspection area and
building? prevent tailgating. If screening
space cannot be provided, other
design features such as:
hardening and alternative space
for inspection.
1.9 In dense, urban areas, does Where distance from the building
curb lane parking place to the nearest curb provides
uncontrolled parked vehicles insufficient setback, restrict
unacceptably close to a facility parking in the curb lane. For
in public rights-of-way? typical city streets this may
require negotiating to close the
curb lane.
1.10 Is there a minimum setback Adjacent public parking should be
distance between the building directed to more distant or better-
and parked vehicles? protected areas, segregated from
employee parking and away from
the facility.
Does adjacent surface parking Parking within ______feet of the
1.11 maintain a minimum standoff building shall be restricted to
distance? authorized vehicles.
21 | P a g e

22. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
1.12 Do stand-alone, above ground Pedestrian paths should be
parking facilities provide planned to concentrate activity to
adequate visibility across as the extent possible. Limiting
well as into and out of the vehicular entry/exits to a minimum
parking facility? number of locations is beneficial.
Stair tower and elevator lobby
design shall be as open as code
permits. Stair and/or elevator
waiting area should be as open to
the exterior and/or the parking
areas as possible. Potential hiding
places below stairs should be
closed off; nooks and crannies
should be avoided. Elevator
lobbies should be well-lighted and
visible to both patrons in the
parking areas and the public out
on the street.
Are garages or service area
1.13 entrances for government
controlled or employee
permitted vehicles that are not
otherwise protected by site
perimeter barriers protected by
devices capable of arresting a
vehicle of the designated threat
size at the designated speed?
1.14 Does site landscaping provide
hiding places? It is desirable to hold planting
away from the facility to permit
observation of intruders.
1.15 Is the site lighting adequate Security protection can be
from a security perspective in successfully addressed through
roadway access and parking adequate lighting. The type and
areas? design of lighting including
illumination levels is critical.
IESNA guidelines can be used.
1.16 Is a perimeter fence or other
types of barrier controls in
place?
1.17 Do signs provide control of
vehicles and people?
22 | P a g e

23. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
2 Architectural
2.1 Does the site planning and The focus of CPTED is on
architectural design incorporate creating defensible space by
strategies from crime prevention employing natural access
through environmental design controls, natural surveillance and
(CPTED) perspective? territorial reinforcement to
prevent crime and influence
positive behavior, while
enhancing the intended uses of
space. Examples of CPTED
attributes include spatial
definition of space to control
vehicle and pedestrian circulation
patterns, placement of windows
to reinforce surveillance, defining
public space from
private/restricted space through
design of lobbies, corridors, door
placement, pathway and roadway
placements, walls, barriers,
signage, lighting, landscaping,
separation and access control of
employee/ visitor parking areas,
etc.
2.2 Is it a mixed-tenant facility? High-risk tenants should not be
housed with low-risk tenants.
High-risk tenants should be
separated from publicly
accessible areas. Mixed uses
may be accommodated through
such means as separating
entryways, controlling access,
and hardening shared partitions,
as well as through special
security operational counter-
measures.
2.3 Are public toilets, service spaces
or access to vertical circulation
systems located in any non-
secure areas, including the
queuing area before screening at
the public entrance?
2.4
Are areas of refuge identified,
with special consideration given
to egress?
2.5 Are loading docks and receiving Loading docks should be located
and shipping areas separated in so that vehicles will not be driven
any direction from utility rooms, into or parked under the building.
utility mains, and service If loading docks are in close
entrances including electrical, proximity to critical equipment,
telephone/data, fire detection/ the service shall be hardened for
alarm systems, fire suppression blast.
water mains, cooling and heating
mains, etc.?
23 | P a g e

24. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
2.6 Are mailrooms located away The mailroom should be located
from facility main entrances, at the perimeter of the building
areas containing critical with an outside wall or window
services, utilities, distribution designed for pressure relief.
systems, and important assets?
Does the mailroom have
adequate space for explosive
disposal containers? Is the
mailroom located near the
loading dock?
Is space available for equipment
2.7 to examine incoming packages Off-site screening stations may be
and for special containers? cost effective, particularly if
several buildings may share one
mailroom.
2.8 Are critical building components Critical building components
located close to any main include: Emergency generator
entrance, vehicle circulation, including fuel systems, day tank,
parking, maintenance area, fire sprinkler, and water supply;
loading dock, interior parking? Normal fuel storage; Main
switchgear; Telephone distribution
and main switchgear; Fire pumps;
Building control centers; UPS
systems controlling critical
functions; Main refrigeration
systems if critical to building
operation; Elevator machinery
and controls; Shafts for stairs,
elevators, and utilities; Critical
distribution feeders for emergency
power. Evacuation and rescue
require emergency systems to
remain operational during a
disaster and they should be
located away from attack
locations. Primary and back-up
systems should not be collocated.
2.9
Do doors and walls along the
line of security screening meet
requirements of UL752
“Standard for Safety: Bullet-
Resisting Equipment”?
2.10 Do entrances avoid significant If queuing will occur within the
queuing? building footprint, the area should
be enclosed in blast-resistant
construction. If queuing is
expected outside the building, a
rain cover should be provided.
Do public and employee These include walk-through metal
2.11 entrances include space for detectors and x-ray devices, ID
possible future installation of check, electronic access card,
access control and screening and turnstiles.
equipment?
24 | P a g e

25. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
2.12 Are there trash receptacles and The size of the trash receptacles
mailboxes in close proximity to and mailbox openings should be
the facility that can be used to restricted to prohibit insertion of
hide explosive devices? packages.
2.13 Is roof access limited to autho-
rized personnel by means of
locking mechanisms?
2.14 Stairs should not discharge into
Are stairwells required for lobbies, parking, or loading areas.
emergency egress located as
remotely as possible from high-
risk areas where blast events
might occur?
Are enclosures for emergency
2.15 egress hardened to limit the
extent of debris that might
otherwise impede safe passage
and reduce the flow of
evacuees?
2.16 Is access control provided
through main entrance points for
employees and visitors (e.g. by
lobby receptionist, sign-in, staff
escorts, issue of visitor badges,
checking forms of personal
identification, electronic access
control system’s)?
2.17 Is access to private and public
space or restricted area space
clearly defined through the
design of the space, signage,
use of electronic security
devices, etc.?
2.18
Is access to elevators distin-
guished as to those that are
designated only for employees,
patients and visitors?
2.19 Are high value or critical assets
located as far into the interior of
the building as possible?
2.20
Is high visitor activity away from
assets?
2.21 Are critical assets located in
spaces that are occupied 24
hours per day? Are assets
located in areas where they are
visible to more than one person?
Is interior glazing near high-
2.22
threat areas minimized?
25 | P a g e

26. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
2.23 Do interior barriers differentiate
level of security within a facility?
2.24
Do foyers have reinforced
concrete walls and offset interior
and exterior doors from each
other?
2.25
Does the circulation routes have
unobstructed views of people
approaching controlled access
points?
2.26
Are pedestrian paths planned to
concentrate activity to aid in
detection?
2.27 Are ceiling and lighting systems
designed to remain in place
during emergencies?
3 Structural Systems
3.1 What type of construction? What The type of construction provides
type of concrete & reinforcing an indication of the robustness to
steel? What type of steel? What abnormal loading and load
type of foundation? reversals. Reinforced concrete
moment resisting frame provides
greater ductility and redundancy
than a flat-slab or flat-plate
construction. The ductility of steel
frame with metal deck depends
on the connection details and pre-
tensioned or post-tensioned
construction provides little
capacity for abnormal loading
patterns and load reversals. The
resistance of load-bearing wall
structures varies to a great extent,
depending on whether the walls
are reinforced or unreinforced. A
rapid screening process
developed by FEMA for assessing
structural hazard identifies the
following types of construction
with a structural score ranging
from 1.0 to 8.5. The higher the
score indicates a greater capacity
to sustain load reversals. Wood
buildings of all types - 4.5 to 8.5
Steel moment resisting frames 3.5
to 4.5 Braced steel frames - 2.5 to
3.0 Light metal buildings - 5.5 to
6.5 Steel frames with cast-in-
place concrete shear walls - 3.5 to
4.5
26 | P a g e

27. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
Concrete moment resisting
frames - 2.0 to 4.0 Concrete
shear wall buildings 3.0 to 4.0
Concrete frame with unreinforced
masonry infill walls - 1.5 to 3.0
Steel frame with unreinforced
masonry infill walls - 1.5 to 3.0
Tilt-up buildings - 2.0 to 3.5
Precast concrete frame buildings -
1.5 to 2.5 Reinforced masonry -
3.0 to 4.0 Unreinforced masonry -
1.0 to 2.
3.2 Do the reinforced concrete
structures contain symmetric
steel reinforcement (positive and
negative faces) in all floor slabs,
roof slabs, walls, beams and
girders that may be subjected to
rebound, uplift and suction
pressures? Do the lap splices
fully develop the capacity of the
reinforcement? Are lap splices
and other discontinuities
staggered? Do the connections
possess ductile details? Does
special shear reinforcement,
including ties and stirrups,
available to allow large post-
elastic behavior?
3.3 Are the steel frame connections
moment connections? Are the
column spacing minimized so
that reasonably sized members
will resist the design loads and
increase the redundancy of the
system? What are the floor-to-
floor heights?
3.4 Are critical elements vulnerable The priority for upgrades should
to failure? be based on the relative
importance of structural or non-
structural elements that are
essential to mitigating the extent
of collapse and minimize injury
and damage. Primary Structural
Elements provide the essential
parts of the building’s resistance
27 | P a g e

28. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
Catastrophic blast loads and
progressive collapse. These
include columns, girders, roof
beams, and the main lateral
resistance system; Secondary
Structural Elements consist of all
other load bearing members, such
as floor beams, slabs, etc.;
Primary Non-Structural Elements
consist of elements (including
their attachments) which are
essential for life safety systems or
elements which can cause
substantial injury if failure occurs,
including ceilings or heavy
suspended mechanical units; and
Secondary Non-Structural
Elements consist of all elements
not covered in primary non-
structural elements, such as
partitions, furniture, and light
fixtures.
3.5 Will the structure suffer an The extent of damage to the
unacceptable level of damage structure and exterior wall
resulting from the postulated systems from the bomb threat
threat? may be related to a protection
level: Low and Medium/Low Level
Protection - Major damage. The
facility or protected space will
sustain a high level of damage
without progressive collapse.
Casualties will occur and assets
will be damaged. Building
components, including structural
members, will require replace-
ment, or the building may be
completely un-repairable,
requiring demolition and
replacement. Medium Level
Protection Moderate damage,
repairable. The facility or
protected space will sustain a
significant degree of damage, but
the structure should be reusable.
Some casualties may occur and
assets may be damaged.
Building elements other than
major structural members may
require replacement. Higher Level
Protection - Minor damage,
repairable. The facility or
protected space may globally
sustain minor damage with some
28 | P a g e

29. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
local significant damage possible.
Occupants may incur some injury,
and assets may receive minor
damage.
3.6 Is the structure vulnerable to Design to mitigate progressive
progressive collapse? Is the collapse is an independent
facility capable of sustaining the analysis to determine a system’s
removal of a column for one ability to resist structural collapse
floor above grade at the building upon the loss of a major structural
perimeter without progressive element or the system’s ability to
collapse? In the event of an resist the loss of a major
internal explosion in an structural element. Design to
uncontrolled public ground floor mitigate progressive collapse may
area (such as lobbies, loading be based on the methods outlined
docks and mailrooms) does the in ASCE 7-98. Designers may
design prevent progressive apply static and/ or dynamic
collapse due to the loss of one methods of analysis to meet this
primary column or does the requirement and ultimate load
design preclude such a loss? Do capacities may be assumed in the
architectural or structural analyses. Existing buildings
features provide a minimum 6- should not be retrofitted to
inch standoff to the internal prevent progressive collapse
columns? Are the columns in the unless they are undergoing a
unscreened internal spaces structural renovation, such as a
designed for an un-braced seismic upgrade. Existing facilities
length equal to two floors, or may be retrofitted to withstand the
three floors where there are two design level threat or to accept
levels of parking? the loss of a column for one floor
above grade at the building
perimeter without progressive
collapse.
3.7 Are there adequate redundant Special consideration should be
load paths in the structure? given to materials which have
inherent ductility and which are
better able to respond to load
reversals such as cast in place
reinforced concrete and steel
construction. Careful detailing is
required for material such as pre-
stressed concrete, pre-cast
concrete, and masonry to
adequately respond to the design
loads. Primary vertical load
carrying members shall be
protected where parking is inside
a facility and the building
superstructure is supported by the
parking structure.
3.8 Will the loading dock design limit The floor of the loading dock does
damage to adjacent areas and not need to be designed for blast
vent explosive force to the resistance if the area below is not
exterior of the building? occupied and contains no critical
utilities.
29 | P a g e

30. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
3.9 Are mailrooms, where packages Where mailrooms and
are received and opened for unscreened retail spaces are
inspection, and unscreened located in occupied areas or
retail spaces designed to adjacent to critical utilities,
mitigate the effects of a blast on walls, ceilings, and floors, they
primary vertical or lateral bracing should be blast and fragment
members? resistant. Methods to facilitate
the venting of explosive forces
and gases from the interior
spaces to the outside of the
structure may include blow-out
panels and window system
designs that provide protection
from blast pressure applied to
the outside but that readily fail
and vent if exposed to blast
pressure on the inside.
3.10 Are there transfer girders that
are supported by columns within
unscreened public spaces or at
the exterior of the building?
4 Building Envelope
4.1 To what level are the exterior The performance of the façade
Walls designed to provide less varies to a great extent on the
than a high hazard response? materials. Different
Are the walls capable of construction includes brick or
withstanding the dynamic stone with block back-up, steel
reactions from the windows? stud walls, precast panels,
curtainwall with glass, stone or
metal panel elements. The
performance of the glass will
similarly depend on the
materials. Glazing may be
single pane or double pane,
monolithic or laminated,
annealed, heat strengthened or
fully tempered.Shear walls that
are essential to the lateral and
vertical load bearing system,
and that also function as
exterior walls, shall be
considered primary structures
and shall resist the actual blast
loads predicted from the
threats specified. Where
exterior walls are not designed
for the full design loads,
special consideration shall be
given to construction types that
reduce the potential for injury.
As a minimum goal, the
window systems should be
designed so that at least __ %
of the total glazed areas of the
facility meet the specified
performance conditions when
subjected to the defined
threats.
30 | P a g e

31. ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
ITEM
4.2 Is there less than 40 % fenestra-
tion openings per structural bay?
Are the window systems design
(glazing, frames, anchorage to
supporting walls, etc.) on the
exterior facade balanced to
mitigate the hazardous effects of
flying glazing following an
explosive event? Do the glazing
systems with a ½inch bite
contain an application of
structural silicone? Is the glazing
Laminated or is it protected with
an anti-shatter film? If an anti-
shatter film is used, is it a
minimum of a 7-mil thick film, or
specially manufactured 4-mil
thick film?
4.3 Do the walls, anchorage, and Government produced and
window framing fully develop the sponsored computer programs
capacity of the glazing material coupled with test data and
selected? Will the anchorage recognized dynamic structural
remain attached to the walls of analysis techniques may be used
the facility during an explosive to determine whether the glazing
event without failure? Is the either survives the specified
façade connected to backup threats or the post damage
block or to the structural frame? performance of the glazing
Are non-bearing masonry walls protects the occupants. A
reinforced? breakage probability no higher
than 750 breaks per 1000 may be
used when calculating loads to
frames and anchorage.
4.4 Does the facility contain ballistic Glass-clad polycarbonate or
glazing? Does the ballistic laminated polycarbonates are two
glazing meet the requirements types of acceptable glazing
of UL 752 Bullet-Resistant material.
Glazing? Does the facility
contain security-glazing? Does
the security-glazing meet the
requirements of ASTM F1233 or
UL 972, Burglary Resistant
Glazing Material? Do the
Window Assemblies containing
Forced Entry resistant glazing
(excluding the glazing) meet the
requirements of ASTM F 588?
31 | P a g e

32. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
4.5 Do non-window openings, such In-filling of blast over-pressures
as mechanical vents and must be considered through non-
exposed plenums, provide the window openings such that
same level of protection required structural members and all
for the exterior wall? Are non- mechanical system mountings
window openings, such as and attachments should resist
mechanical vents and exposed these interior fill pressures.
plenums, designed to the level
of protection required for the
exterior wall?
4.6 Is interior glazing shatter
resistant? Interior glazing should be
minimized where a threat exists
and should be avoided in
enclosures of critical functions
next to high-risk areas.
5 Utility Systems
5.1 What is the source of domestic Critical water supply may be
water? vulnerable. Sources include
municipal, wells, storage tank.
5.2 Are there multiple entry points
for the water supply? If the facility has only one source
of water entering at one location,
the entry points should be secure.
5.3 Is the incoming water supply in a
secure location? Access to water supply should
not be open to non-authorized
personnel.
5.4
Does the facility have storage Operational facilities will require
capacity for domestic water? reliance on adequate domestic
How much? water supply.
5.5 What is the source of water for
the fire suppression system? Describe location and number of
service entry points. Is the service
reliant on the local utility
company?
5.6 Are sewer systems protected?
Are they accessible? Sanitary and storm water sewers
should be protected from
unauthorized access and possible
contamination.
5.7 What fuel supplies do the facility
rely on for critical operation? Typically natural gas, propane, or
fuel oil are required for continued
operation
5.8 How much fuel is stored on the Fuel storage protection is
facility? How is it stored? essential for continued operation.
32 | P a g e

33. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
5.9 The supply of fuel is dependent
on the reliability of the supplier.
Where is the fuel supply
obtained? How is it delivered?
Critical functions may be served
5.10 Are there alternate sources of by alternate methods if normal
fuel? Can alternate fuels be fuel supply is interrupted.
used?
What is the normal source of
5.11 electrical service for the facility? Utilities are the general source
unless co-generation or a private
energy provider is available.
5.12 Is there a redundant electrical
service source? Can the The utility may have only one
facilities be feed from more than source of power from a single
one utility substation? substation. There may be only
single feeders from the main
substation.
How may service entry points
5.13 does the facility have for Electrical supply at one location
electricity? creates a vulnerable situation
unless alternate source are
available.
What provisions for emergency
5.14 power exist? Describe the emergency power
system and its location. Can the
utility provide backup power if the
normal electrical service is
interrupted?
5.15 Is the incoming electric service
to the building secure? Typically, the service entrance is
a locked room, unaccessible to
the public.
5.16 Does the fire alarm system
require communication with Typically, the local fire department
external sources? responds to an alarm. Describe
how the alarm signal is sent to the
responding agency: telephone,
radio, etc.
5.17 Typically communication ducts or
By what means does the main other conducts are available.
telephone and data communica-
tions interface the facility?
5.18
Are there multiple or redundant Secure locations of communica-
location for the communication tions wiring entry to the facility are
service? required.
6 Mechanical Systems
6.1 Where are the air intakes and
exhaust louvers for the building? Describe location and relation to
public access. Indicate if intakes
are low, high or midpoint of
building structure.
6.2 Are there multiple air intake Single air intakes may feed
locations? several air handling units. Indicate
if the air intakes are localized or
separated.
33 | P a g e

34. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
6.3 What are the types of air
filtration? Describe the efficiency and
number of filter modules for each
of the main air handling systems.
Is there space for larger filter
6.4 assemblies on critical air Air handling units serving critical
handling systems? functions during continued
operation may be retrofitted to
provide enhanced protection
during emergencies.
6.5 How are the air handling
systems zoned? Describe the areas and functions
served by each of the primary air
handling systems.
6.6 Independent units can continue to
Are there large central air operate if damage occurs to
handling units or are there limited areas of the facility.
multiple units serving separate
zones?
Are there any redundancies in
6.7 the air handling system? Describe if critical areas can be
served from other units if a major
system is disabled.
6.8 Is the air supply to critical areas
compartmentalized? Describe if air flow can occur from
critical to non-critical areas either
through building openings,
ductwork, or air handling system.
6.9
Are supply and exhaust air
systems for laboratories secure?
6.10
Central systems can range from
What is the method of tempera-
monitoring only to full control.
ture and humidity control? Is it
Local control may be available to
localized or centralized?
override central operation.
6.11 Where are the control centers Access to any component of the
and cabinets located? Are they building automation and control
in secure areas? How is the system could compromise the
control wiring routed? functioning of the system.
6.12 Are there provisions for air Duct mounted sensors are found
monitors or sensors for chemical in limited cases generally in
or biological agents? laboratory areas.
7 Plumbing and Gas Systems
7.1 What is the method of water
distribution? Central shaft locations for piping
are more vulnerable than multiple
riser locations.
7.2 What is the method of medical
gas distribution?
34 | P a g e

35. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
7.3 Is there redundancy to the main
piping distribution? Looping of piping and use of
section valves provide redun-
dancy in the event sections of the
system are damaged.
7.4 What is the method of heating
domestic water? What fuel is Single source of hot water with
used? one fuel source is more
vulnerable than multiple sources
and multiple fuel types.
7.5
Describe the locations relative to
Where are the oxygen and
the facility including any blast
nitrous oxide tanks located?
protection? Indicate if the
How are they piped to the
distribution piping is above or
distribution system?
belowground.
7.6 Are there reserve supplies of
oxygen and nitrous oxide? Localized gas cylinders could be
available in the event of damage
to the central tank system.
8 Electrical Systems
8.1 How are the electrical rooms
secured? Describe if all primary electrical
equipment is located in a secured
area.
8.2 Are critical electrical systems co-
located with other building Indicate those areas where major
systems? electrical equipment is colocated
with other systems or is located in
areas outside secured electrical
areas.
8.3 Are electrical distribution panels
secured or in secure locations? Describe the means of access
and location of critical electrical
distribution panels serving branch
circuits.
8.4
Does emergency backup power Is the emergency power system
exist for all areas within the independent from the normal
facility? How is the emergency electrical service, particularly in
power distributed? critical care areas?
8.5
Central utility shafts may be
How is the primary electrical
subject to damage. Describe if the
system wiring distributed? Is
distribution is co-located with
there redundancy of distribution
other major utilities and if there
to critical areas?
are alternate suppliers.
8.6 What is the extent of the
external facility lighting in utility Indicate the amount of exterior
and service areas? lighting particularly in critical
areas such as utility and service
areas.
8.7 Are there any transformers or Describe how these devices are
switchgears located outside the secured and if they are vulnerable
building or accessible from the to public access.
building exterior?
35 | P a g e

36. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
9 Fire Alarm Systems
9.1 Is the facility fire alarm system
centralized or localized? Describe the main components of
the system including methods and
extent of annunciation both locally
and centrally.
9.2 Where are the fire alarm panels
located? Indicate the location and
accessibility of the panels
particularly with regard to access
by unauthorized personnel.
9.3 Describe what interface the fire
Is the fire alarm system stand- alarm system has with other
alone or integrated with other building management systems.
functions such as security and
environmental systems?
Communications and IT
10 tems
Sys
10.1 Where are communication
systems wiring closets located? Describe if communications
Are they in secure areas? closets are independent or if they
are co-located with other utilities.
How is communications system
10.2 wiring distributed? Indicate if wiring systems are in
chases or if distribution is in
occupied areas.
Are there redundant
10.3 communications systems Critical areas should be supplied
available? with multiple or redundant means
of communications.
10.4
Do the IT systems meet require-
ments of confidentiality, integrity,
and availability?
10.5
Where is the disaster recovery/
mirroring site?
10.6 Where is the back-up tape/file
storage site and what is the type
of safe environment? (safe,
vault, underground) Is there
redundant refrigeration in the
site?
10.7 Where is the main distribution
facility? Where are the
secondary and/or intermediate
distribution facilities?
10.8 Where are the routers and
firewalls located?
36 | P a g e

37. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
10.9
What type, power rating, and
location of the UPS? (battery,
online, filtered)
10.1
0 What type and where are the
WAN connections?
10.1
1 What type and where are the
wireless systems (RF, HF, VHG,
MW) located?
10.1
2 What type of LAN (Cat 5, fiber,
Ethernet, Token Ring) is used?
10.1 What type and where are data
3 centers located?
Equipment Operations
11 Maintenance
and
11.1 Rebalancing may only occur
Have critical air systems been during renovation.
rebalanced? If so, when and
how often?
11.2 Is air pressurization monitored
regularly? Some areas required positive or
negative pressure to function
properly. Pressurization is critical
in a hazardous environment or
emergency situation.
11.3
Describe if there are composite
Are there composite drawings
layout drawings of electrical,
indicating location and
mechanical and fire protection
capacities of major systems? Do
systems and the status of latest
updated O&M manuals exist?
updates.
11.4 Does the facility have a policy or
procedure for periodic Recommissioning involves testing
decommissioning of major and balancing of systems to
M/E/P systems? ascertain their capability to
perform as described.
11.5 Is there an adequate operations Describe level of maintenance
and maintenance program and operation and the extent of
including training of facilities training provided at the facility.
management staff?
11.6
What maintenance and service
agreements exist for MEP
systems?
12 Security Systems
Perimeter Security
12.1
Are black/white or color CCTV
cameras used? Are they analog
or digital by design?
37 | P a g e

38. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
What are the number of fixed, Security technology is frequently
wireless and pan-tilt-zoom considered to compliment or
cameras used? Who are the supplement security personnel
manufacturers of the CCTV forces and to provide a wider area
cameras? What is the age of the of coverage. Typically these
CCTV cameras in use? physical security elements
provide the first line of defense in
deterring, detecting and
responding to threats and
vulnerabilities. They must be
viewed are an integral component
of the overall security program.
Their design, engineering,
installation, operation and
management must be able to
meet daily security challenges
from a cost effective and
efficiency perspective.
12.2 Are the cameras programmed to Example, if a perimeter door is
respond automatically to opened, the closest camera
perimeter building alarm events? responds and begins surveillance
Do they have built-in video of the area.
motion capabilities?
12.3 Are panic/duress alarm sensors
used, where are they located
and are they hardwired or
portable?
12.4
Are intercom call-boxes used in
parking areas or along the
building perimeter?
12.5 Are the perimeter cameras
supported by an uninterrupted
power supply source; battery or
building emergency power?
12.6 What is the quality of video
images both during the day and
hours of darkness? Are infrared
camera illuminators used?
12.7 What is the transmission media
used to transmit camera video
signals: fiber, wire line,
telephone wire, coaxial,
wireless?
12.8 What type of camera housings
are used and are they environ-
mental in design to protect
against exposure to heat and
cold weather elements?
38 | P a g e

39. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.9 Who monitors the CCTV
system?
12.10 What type of exterior IDS
sensors are used:
electromagnetic, fiber optic,
active infrared, bistatic
microwave, seismic,
photoelectric, ground, fence,
glass break (vibration/shock),
single, double and roll-up door
magnetic contacts or switches.
12.11 Is a global positioning satellite
system (GPS) used to monitor
vehicles and asset
movements?
Interior Security
12.12 Are black/white or color CCTV
cameras used? Are they
monitored and recorded 24
hours/7 days a week? By
whom? Are they analog or
digital by design? What are
the number of fixed, wireless
and pan-tilt-zoom cameras
used? Who are the
manufacturers of the CCTV
cameras? What is the age of
the CCTV cameras in use?
12.13 Are the cameras programmed Example, if a perimeter door is
to respond automatically to opened, the closest camera
interior building alarm events? responds and begins surveillance
Do they have built-in video of the area.
motion capabilities?
12.14
What are the first costs and
maintenance costs associated
with the interior cameras?
12.15
Are their panic/duress alarm
sensors used, where are they
located and are they
hardwired or portable?
12.16 Are intercom call-boxes or
building intercom system used
throughout the facility?
39 | P a g e

40. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.17
Are the interior cameras
supported by an uninterrupted
power supply source; battery
or building emergency power?
12.18
Is the quality in interior camera
video images of good visual
and recording quality?
12.19 Are the camera lenses used of
the proper specifications,
especially distance viewing
and clarity?
12.20 What is the transmission
media used to transmit
camera video signals: fiber,
wire line, telephone wire,
coaxial, wireless?
12.21
What type of camera housings
are used and are they
designed to protect against
exposure or tampering?
12.22
Are magnetometers (metal
detectors) and x-ray
equipment used and at what
locations within the facility?
12.23 Does a security photo
identification badge
processing system in place?
Does it work in conjunction
with the access control system
or is it a standalone system?
12.24 What type of interior IDS
sensors are used:
electromagnetic, fiber optic,
active infrared-motion
detector, photoelectric, glass
break (vibration/shock), single,
double and roll-up door
magnetic contacts or
switches?
12.25
Is there a security system in
place to protect against
infant/patient abductions?
12.26 Is there a security asset
tracking system in place that
monitors the movement,
control and accountability of
assets within and removal
from a facility (e.g. electronic
tags, bar codes, wire,
infrared/black light markings,
etched or chemical embedded
id number, etc.)?
40 | P a g e

41. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.27 Is there a holdup-cash register
security controls in place that
activates upon removal of cash
and works in conjunction with
other CCTV and related IDS
systems?
12.28 What type of security access
control systems is used? Are
these same devices used for
physical security also used
(integrated) with providing
access control to security
computer networks (e.g. in place
of or combination with user id’s
and system passwords)?
12.29
What types of access control
transmission media is used to
transmit access control system
signals (same as defined for
CCTV cameras)?
12.30
What is the backup power
supply source for the access
control systems; battery backup
or some form of other
uninterrupted power sources?
12.31
What access control system
equipment is used? How old are
the systems and what are the
related first and maintenance
service costs?
12.32 Are mechanical, electrical,
medical gas, power supply,
radiological material storage,
voice/data telecommunication
system nodes, security system
panels, elevator and critical
system panels, and other
sensitive rooms continuously
locked, under electronic security
CCTV camera and intrusion
alarm systems surveillance?
12.33
What security safeguards are in
place to control the movement,
custody, accountability and
tracking of facility assets?
12.34 Are their vaults or safes used
and are they protected against
unauthorized or forced entry?
Where are they located?
41 | P a g e

42. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.35 What security controls are in
place to handle the processing
of mail and protect against
potential biological, explosive
or other threatening
exposures?
12.36 What type of security key
management system is in
place? How are keys made,
issued and accounted for?
Who is responsible for key
management and the
authorized release of them?
12.37 What types of locking
hardware are used throughout
the facility? Are manual and
electromagnetic cipher,
keypad, pushbutton, panic
bar, door strikes and related
hardware and software used?
12.38 Are any potentially hazardous
chemicals, combustible or
toxic materials stored on-site
in non-secure and non-
monitored areas?
12.39
Is there a designated security
control room and console in
place to monitor security, fire
alarm and possibly other
building systems?
12.40 Is the security console and
control room adequate in size,
provide room for expansion,
have adequate environment
controls (e.g. a/c, lighting,
heating, air circulation, backup
power, etc,) and is
ergonomically designed?
12.41
Is the location of the security
room located in a secure area
with limited, controlled and
restricted access controls in
place?
12.42 What are the means by which
facility and security personnel
can communicate with one
another: portable radio, pager,
cell phone, personal data
assistants (PDA’s), etc)? What
problems have been
experienced with these and
other electronic security
systems?
42 | P a g e

43. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.43 Is there a computerized
security incident reporting
system used to prepare
reports and track security
incident trends and patterns?
12.44 Does the present security This system allows for the
force have access to use a systematic performance of guard
computerized guard tour patrols with validation indicators
system? built in. The system notes
stations/locations checked or
missed, dates and times of such
patrols and who conducted them
on what shifts. Management
reports can be produced for
record keeping and manpower
analysis purposes.
Security System Documents
12.45 Are security system as-built Critical to the consideration and
drawings been generated and operation of security technologies
ready for review? its overall design and engineering
processes. These historical
reference documents outline
system specifications and layout
security device used, their
application, location and
connectivity. They are a critical
resource tool for troubleshooting
system problems, for replacing
and adding other security system
hardware and software products.
Such documents are an integral
component to new and retrofit
construction projects.
12.46
Have security system design
and drawing standards been
developed?
12.47
Are security equipment
selection criteria defined?
12.48
What contingency plans have
been developed or are in
place to deal with security
control center redundancy and
backup operations?
12.49 Have security system
construction specification
documents been prepared and
standardized?
12.50
Are all security system
documents to include as-built
drawings current?
12.51 Have qualifications been
determined in using security
consultants, system designers
and engineers, installation
vendors and contractors?
43 | P a g e

44. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
12.52 Are security systems
decentralized, centralized,
integrated, and operate over
existing IT network or
standalone method of
operation?
12.53 What security systems
manuals are available?
12.54 What maintenance or service
agreements exist for security
systems?
13 Security Master Plan
13.1 Does a written security plan The development and imple-
exist for this facility? When mentation of a security master
was the initial security plan plan provides a roadmap which
written and last revised? Who outlines the strategic direction and
is responsible for preparing vision, operational, managerial
and reviewing the security and technological mission, goals
plan? and objectives of the
organizations security program.
13.2 Has the security plan been
communicated and
disseminated to key
management personnel and
departments?
13.3 Has the security plan been
benchmarked or compared
against related organizations
and operational entities?
13.4 Has the security plan ever
been tested and evaluated
from a cost-benefit and
operational efficiency and
effectiveness perspective?
13.5 Does it define mission, vision,
short-long term security
program goals and objectives?
13.6 Are threats, vulnerabilities,
risks adequately defined and
security countermeasures
addressed and prioritized
relevant to their criticality and
probability of occurrence?
13.7 Has a security implementation
schedule been established to
address recommended
security solutions?
13.8 Have security operating and
capital budgets been
addressed, approved and
established to support the
plan?
44 | P a g e

45. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
13.9
What regulatory or industry
guidelines/standards were
followed in the preparation of
the security plan?
13.10 Does the security plan
address existing security
conditions from an
administrative, operational,
managerial and technical
security systems perspective?
13.11 Does the security plan
address the protection of
people, property, assets and
information?
13.12 Does the security plan
address the following major
components: access control,
surveillance, response,
building hardening and
protection against biological,
chemical, radiological and
cyber-network attacks?
13.13 Has the level of risk been
identified and communicated
in the security plan through
the performance of a physical
security assessment?
13.14
When was the last security
assessment performed? Who
performed the security risk
assessment?
13.15 Were the following areas of
security analysis addressed in
the security master plan:
Asset Analysis: Does the
security plan identify and
prioritize the assets to be
protected in accordance to
their location, control, current
and replacement value?
Threat Analysis: Does the
security plan address potential
threats; causes of potential
harm in the form of death,
injury, destruction, disclosure,
interruption of operations, or
denial of services? Examples
include possible criminal acts
(documented and review of
police/security incident
reports) associated with
forced entry, bombs, ballistic
assault, biochemical and
related terrorist tactics, attacks
against utility systems
infrastructure and buildings.
45 | P a g e

46. ITEM ASSESSMENT QUESTION ASSESSMENT GUIDANCE ASSESSMENT COMMENT
Vulnerability Analysis: Does the
security plan address other
areas and anything else
associated with a facility and it’s
operations that can be taken
advantage of to carry out a
threat? Examples include the
architectural design and
construction of new and existing
facilities, technological support
systems (e.g. heating, air
conditioning, power, lighting and
security systems, etc.) and
operational procedures, policies
and controls. Risk Analysis:
Does the security plan address
the findings from the asset,
threat, and vulnerability
analyses to develop,
recommend and consider
implementation of appropriate
security countermeasures?
Contact Information
James E. McDonald
C/O American Alarm and Communications, Inc.
Central Massachusetts Regional Office
489 Washington Street
Auburn, Massachusetts 01501
Direct Phone: (508) 453-2731
Direct Fax: (781) 645-7537
Email: JMcDonald@AmericanAlarm.com
American Alarm Website: www.AmericanAlarm.com
Blog: www.SecurityTalkingPoints.com
Twitter: www.Twitter.com/physectech
46 | P a g e

47. The Physical Security Risk Management Book
BY JAMES McDONALD, PSNA A PROUD MEMBER OF INFRAGARD, IFMA, ASIS & IAHSS
AMERICANALARM
47 | P a g e