Physical Security F.A.Q.
The FAQ provides the answers to freequently asked questions about Physical Security
Freequently Asked Questions
Q1. What is physical security?
Q2. Are physical security reviews performed overtly or covertly?
Q3. What's the benefit of a physical security review?
Q4. What are the limitations of a physical security review?
Q5. How long does a physical security review take?
Q6. How much does a physical security review cost?
Q7. Who should I engage to perform a physical security review?
Q8. How often should I have a physical security review?
Q9. What will I get from commissioning a physical security review, and how should I select a consultant?
Q1. What is physical security?

A. Physical security is a vital element of a cohesive security regime, and refers to the methods employed to deny access to unauthorised persons by using barriers to entry.

These barriers include fences, gates, locks, access control and intruder detection systems, and safes and containers, commonly supported by a trained monitoring and response force. When deployed together, this layered system of barriers provides 'defence in depth' asset protection consistent with the prime objectives of security countermeasures; deter, detect, delay, assess, respond to and evaluate threats.

Effective physical security exists when unauthorised persons are denied access to assets, while known trusted people with a legitimate business reason to be within controlled interior spaces are not impeded.

A thorough assessment of the adequacy of physical security measures allows the organisation to determine if scarce security resources are being directed at the threats and risks realistically encountered in their routine operations, by providing a 'snapshot' of the current security posture.

A security review and audit of this type would typically identify the optimal combination of security countermeasures to reduce the likelihood and consequences of adverse incidents by examining:
  • Physical security planning
  • Guard force organisation, training, reporting and management
  • Personnel security and background screening, use of passes and keys, commencement and separation procedures
  • Perimeter and interior physical security, whether at an existing facility, temporary site or planned occupancy
  • Critical utility points (gas, telephone, electricity, water, sewage) and emergency/contingency arrangements
  • Security construction and building fabric attack resistance standards for protecting computer rooms, vaults, access control systems, guardhouses/central monitoring stations, and security equipment
  • Existing physical deterrents, locks and associated hardware
  • Existing intruder detection (burglar alarm) and CCTV surveillance systems and adequacy of response arrangements

Related elements of the security management structure such as administrative and personnel security may also be assessed, depending on the extent of required analysis.

Q2. Are physical security reviews performed overtly or covertly?

A. This can depend on the preference of the client, and the nature of the security concern being addressed. For example, in instances of actual or suspected organised employee fraud or theft, it may be necessary for a security investigator to adopt a 'cover' within the organisation to gather evidence.

The existence of sound security countermeasures objectively confirms management is rightly concerned for the continued viability of the organisation, and the safety and security of assets and staff. Overt reviews of security effectiveness raise the profile of the security function and educate staff on the role, increasing the likelihood that alert and informed staff members will act as a 'multiplier' for the security force.

The physical security review process addresses enterprise-wide organisational security management issues rather than individual security investigations, and the overt approach is most likely to gain staff co-operation and commitment.

Q3. What's the benefit of a physical security review?

A. The physical security review process provides an independent snapshot of client physical and related management security, and a report containing recommendations for improvement, ideally consistent with security global best practice.

This information is necessary for executive management to make informed decisions about cost effective security expenditure according to the threat and risk environment, to reduce the likelihood and consequences of incidents.

Executive management is therefore given a level of assurance that the countermeasures deployed to prevent unauthorised access and protect corporate assets are both effective and consistent.

Q4. What are the limitations of a physical security review?

A. The type and number of vulnerabilities identified during a physical security review is often determined largely by the skill sets and experience of the individuals conducting the site inspections and interviews, as well as the defined scope.

Assessments of the same site by different consultants may produce reports with significant variation in emphasis.

In all instances, the experience, qualifications and necessary licences of persons or companies engaged to perform physical security reviews should be verified. Membership of professional associations, holding certifications, and involvement in security seminars and events tends to indicate a level of commitment to keeping current in the fast moving world of security risk management and technology.

Q5. How long does a physical security review take?

A. Most reviews take about one week on site, with two to three weeks to finalise the report, depending on the level of detail required, the scope of the assignment and any site-specific conditions or reported problems.

Large sites with multiple campuses and/or decentralised security monitoring, or with numerous points of access and egress, may require a number of visits during and after normal business hours. For safety and confidentiality reasons, personnel conducting inspections after hours, or in highly sensitive areas, should be escorted.

Q6. How much does a physical security review cost?

A. The cost of a review of physical security countermeasures, or protective security audit, is typically based on three variables:
  • Skills, qualifications and experience of the review personnel
  • Complexity of the site and task
  • Estimated time required to satisfy the scope
The daily rate for physical security specialists, or management security consultants with technical knowledge of security systems, ranges from $600 to $4,000.00 per consultant, depending on the skills, experience and company.

Price alone is not a reliable reflection of skills and experience. Larger organisations typically charge higher daily rates to meet higher continuing corporate overheads.

Some medium or small organisations employing protective security specialists may have highly skilled and experienced consultants available at much more attractive rates.

Q7. Who should I engage to perform a physical security review?

A. When looking for a physical security specialist, ensure you are dealing with a reputable and experienced individual or consulting firm. Many individuals and organisations claim to have the licences, skills, qualifications and experience necessary to conduct effective security audits, however some lack professional depth, proven testing methodologies and discipline.

The organisation you select should:
  • Be licensed where required
  • Provide references from other customers they have performed similar work for
  • Demonstrate a systematic approach or methodology (eg. ASNZS4360)
  • Be reputable, and
  • Prove possession of the specialist skills required to conduct the security review


Q8. How often should I have a physical security review?

A. Physical security arrangements should be reviewed:
  • Whenever there is a security incident
  • When major renovations or accommodation changes are necessary
  • When changed business operations or focus cause a significant variation in the value or type of information and tangible assets held on-site, and
  • In the planning stages, when a new corporate premises is to be constructed
The physical security posture of each organisation should also be reviewed for appropriateness and effectiveness as part of the established management framework for cyclical reporting and evaluation of all security activities, including security risk assessments.

Organisations operating in medium to high risk environments exposed to significant harm from compromise of corporate assets, staff and information should consider more regular reviews.

Q9. What will I get from commissioning a physical security review, and how should I select a consultant?

A. The physical security review process, properly conducted, can assist in ensuring security considerations are reflected in the management of every existing or proposed project or program, countermeasures are cost effective and appropriate for the threat and risk environment, and are sufficient to mitigate the consequences of adverse security incidents such as:
  • Armed robbery
  • Assault
  • Bomb incident
  • Burglary
  • Fire/arson/industrial accident
  • Fraud, bribery, corruption and collusion
  • Hazardous mail items
  • Loss or disclosure of sensitive or classified material
  • Terrorist attack
  • Theft of corporate property
  • Theft of personal property
  • Threat/harassment/workplace violence
  • Trespass
  • Wilful damage/vandalism/graffiti.
Proving that executive management had considered and addressed security measures to counter such incidents has often been crucial in avoiding significant corporate legal liability (eg. assault of female staff member in car park monitored by non-functional CCTV), compromise of valuable materials and sensitive information, and other unwelcome and embarrassing occurrences.

To ensure value for money and professional attention, you should understand exactly what your security consultant intends to provide. Select an individual or company as you would any other product or service.

Be wary of companies or individuals who quickly identify a narrow range of solutions. Ensure the scope of the task correctly defines your security concerns.

Consider the following issues:
  • Who is recommended? Where do you find them?
  • What will you ask them to do? Set the scope and selection criteria for the work, clearly stating the issues of security concern.
  • How will you assess the adequacy of responses?
  • Will you interview the preferred short listed consultants?
  • How will you formalise the terms of reference and finalise the decision?, and,
  • What reporting and project management arrangements will be used?


If you are unsure exactly what deliverables you will get from a physical security review, ask your vendor to clarify in writing before authorising the letter of engagement.

If you have any questions about protective security or physical security reviews which have not been answered here, please feel free to email them to faq@neocomm.com.au
for a prompt response.
Home     Corporate Profile     Services     Solutions     Partners     Contact Us