PHY005
Identify what you need to protect
Identify the people, information, physical assets, and functions that you need to protect. Then determine the threats facing your organisation. Include threats within New Zealand and abroad (if you have overseas interests).
You need to fully understand the value and sensitivity of your information and assets to accurately assess your physical security risks.
Assess the impact of breached security
Use the Business Impact Levels (BILs) to assess the potential impact if your people, information, or assets were harmed, compromised, or unavailable. For example:
- if customers were aggressive to your people
- if your organisation’s property was stolen
- if someone tampered with your security system and gained unauthorised access to your office out of hours
- if someone gained unauthorised access to your premises and stole valuable information.
For every threat scenario, consider the risks to:
- the public
- your people, property, operations, reputation, finances, or business processes
- New Zealand as a whole.