data centre security

Introduction to Physical Security Planning

When establishing a physical security plan, there are common themes through-out traditional frameworks to take note of.

Technological advancements are becoming more commonplace – if not overtaking – the standard security protocols.

As a result, concerns for the existing physical security systems falling behind are being raised.

Insights on how to implement new practices can be found in these traditional models.

Here is a 2-step introduction to how organisations can improve their physical security planning.

What is physical security?

Physical security addresses the actions to protect property, people and assets from harm.

This broad definition is contextual; for many, physical security is bodily protection from those who intend to injure. In other cases, physical security is ensuring a property will remain standing following bouts of extreme weather.

For the purpose of this article, physical security refers to pro-active measures of defence against unauthorised, forceful attempts of access.

secured by design security shutter

Physical Security Planning, Step 1: Evaluate

Evaluate. Assess. Determine.

Every consultant, framework, and advisory on physical security planning suggest evaluating the project before making any changes.

This is not without good reason. Only by first understanding the landscape can efficient defences be implemented by your team.

There are a number of considerations:

  • Property Type – what type of property is it? Is there a requirement for obvious deterrents?
  • Location – where is the site? Is it a location of civil unrest?
  • Budget – what is the realistic budget to meet expectations?
  • Assets – what is stored within the property? Is the property itself of value?
  • Internal Stakeholders – who is likely to be onsite in the event of an attack? Could there be potential for loss of life?
  • External Stakeholders – who could potentially be onsite? What level of authorisation is required?
  • Threat – is the property/owner/business aware of any existing threats?
  • Access/Operation – what access control will there to be? Who will be the main operator?

Other considerations may also be warranted depending on the nature of the facility.

data centre physical security

Take a Data Centre, for example.

Due to the nature of this scenario, Security Operators or Facility Managers within the data centre must consider every threat within their initial physical security plan.

From untrustworthy personnel purposefully leaving the property insecure to unauthorised tradesmen gaining access with a master key, to angle grinder attack out of business hours.

Paying equal attention to both cyber and physical threats, a number of these threats can be mitigated through new procedures.

The untrustworthy personnel leads to question the vetting process of new employees. Unauthorised intruders highlight a vulnerability in access control.

However the angle grinder attack, whilst more unlikely, would require a heavy-duty physical defence such as an Obexion MD SR4 Shutter.

This step highlights vulnerabilities in the project, therefore a vital part of the process.

Again within the scenario of the data centre, the physical security measures are ultimately seen as a preventative measure against professional means of attack.

In reality, this is simply one element of the wider security protocol in place.

Physical Security Planning, Step 2: Validate

Once the threats have highlighted vulnerabilities in the procedures, the physical security plan can be supported by industry security standards.

In our experience, the majority of clients understand before approaching us what their property requires.

This is determined by the evaluation we covered in Step 1. Then, supported by your security consultant and/or product manufacturer’s recommendations, the project can progress.

However, clients or contractors on some projects are unfamiliar with the recognised standards.

LPS 1175 and it’s security ratings are globally-recognised for accrediting and testing security products.

Governed by the Loss Prevention Certification Board (LPCB), LPS 1175 is concerned specifically with three critical elements:

  1. Detect (electronic)
  2. Deter & Delay (physical security)
  3. Respond (personnel)

Here is our in-depth explanation of the LPS 1175 security ratings, and how they are measured.

physical security matrix

How to assess what security rating you require

Measuring the effectiveness of the physical security plan is an ongoing project for the team on-site.

Therefore, implementing an effective physical security plan the first time around will save the money. It will also prevent distress or harm to the client in the event of a failed security measure.

For further guidance on the LPS 1175 security ratings, please download our free resource:

Guide to LPS 1175 Ratings

Leave a comment

Your email address will not be published. Required fields are marked *