Physical security


It's important that you consider the following good practices when designing your physical security.

Deter, Detect, Delay, Respond, Recover

Physical security measures aim to protect people, information, and assets from compromise or harm through the following techniques. DeterDeter or discourage unauthorised people from attempting to gain unauthorised access to your facility.

Crime Prevention Through Environmental Design

Crime Prevention Through Environmental Design (CPTED) should be an integral part of your facility planning. To apply the principles of CPTED, identify which aspects of the physical environment could affect people’s behaviour and then use that knowledge to design an environment which minimises crime.

Security zones

Use security zones to match your security to the risks facing your people, information or assets. Extra security measures apply to areas where protectively-marked information and other official or valuable resources are processed, handled, discussed, and stored.

Security in depth

Design a multi-layered system of security measures to increase protection.

Physical protection of information

Protecting single items or limited amounts of informationYour organisation must protect individual documents in line with the Management protocol for information security and its associated requirements. Material with a compartmented marking, such as a codeword or SCI, may need additional mandatory security controls.

Relevant legislations and standards

The design of your physical security measures must comply with the following acts and any associated regulations or codes: the Health and Safety at Work Act 2015 the Privacy Act 2020 the Building Act 2004. Standards, handbooks, and codesWhen your organisation is implementing physical security measures, use the following standards, handbooks, and codes to guide you.