An audit is an important first step in any new physical security job. It can also be a powerful tool to assess security at an existing customer’s facility, especially as new threats emerge and technology evolves.
When starting your next physical security audit, keep the following dos and don’ts in mind:
DO: Remember that every facility is different.
An audit is designed to uncover potential security vulnerabilities and help you determine how to fix them. As you conduct an audit, be sure to consider each facility separately from your previous experiences—especially those in various industries. After all, every job is at least somewhat different.
DON’T: Recreate the wheel.
There’s no need to start from scratch when writing your audit checklists or assessment documents. Countless audits are available online, for a wide variety of verticals and types of facilities. Find one that works for your general purposes and then adapt it for each new customer.
DO: Take a holistic approach.
Consider the entire facility’s security picture, even if you are only working on one system. After all, various security technologies rely upon each other and work together to create layers of security.
DON’T: Forget the human factor.
How does the facility make use of security guards and other employees to enhance security? Are guards used effectively, or could security be improved using technology?
DO: Consider the customer’s existing security technology.
Be sure your audit takes into account all legacy security devices, including analog cameras. Your new solution may be able to leverage these assets in certain areas.
DON’T: Disregard “low-tech” security techniques.
Explore any low-tech ways the facility achieves physical security, such as lighting, bollards, and even landscaping.
DO: Get to know the facility before deciding on technology.
The audit is your chance to fully observe your customer’s environment before homing in on a particular device or system. Take this opportunity to note any and all challenges and opportunities that may guide your technology choices. For example, areas requiring video surveillance may have unexpected obstructions. Or examining a facility’s ingress and egress points may help you realize what level of access control they require.
DON’T: Forget to include your customer.
Of course, your customer knows its facility the best. It will know where most security gaps exist and can provide insight into their challenges. As you conduct your audit, be sure to include your customer—ideally, a representative from the company’s security team.
DO: Keep your customer’s security goals in mind.
As you conduct your audit, be sure to continually reference the specific security challenges your customer is trying to solve. One may be looking to protect the facility from external threats such as theft or vandalism, while another’s main goal may be to deter employee fraud. This end goal will help focus your audit on the areas and systems that matter most.
DON’T: Assume an audit is a one-time thing.
Your customers can benefit greatly from regular security audits, especially as their business undergoes changes such as expanded facilities, additional employees, and new IT systems. Consider offering regular or as-needed audits to your customers as a value-added service. As security technologies evolve, audits can be a good opportunity to ensure that your customers’ facilities are as secure as possible.
What are some of your dos and don’ts when conducting a physical security audit?