Taking a risk-based approach to physical security

When you take a risk-based approach, you can ensure your physical security measures are right for your organisation

PHY005

Identify what you need to protect

Identify the people, information, physical assets, and functions that you need to protect. Then determine the threats facing your organisation. Include threats within New Zealand and abroad (if you have overseas interests).

You need to fully understand the value and sensitivity of your information and assets to accurately assess your physical security risks.


Assess the impact of breached security

Use the Business Impact Levels (BILs) to assess the potential impact if your people, information, or assets were harmed, compromised, or unavailable. For example:

  • if customers were aggressive to your people
  • if your organisation’s property was stolen
  • if someone tampered with your security system and gained unauthorised access to your office out of hours
  • if someone gained unauthorised access to your premises and stole valuable information. 

For every threat scenario, consider the risks to:

  • the public
  • your people, property, operations, reputation, finances, or business processes
  • New Zealand as a whole.