The following guidance describes the use of specific security measures.
Remember that physical security is a combination of physical and procedural measures. You should develop policies that support your physical security measures and control their use.
Protect your organisation’s people, information, and assets and using approved security products from the New Zealand Special Intelligence Service (NZSIS). The NZSIS tests and approves security products that: safeguard protectively-marked information with a Business Impact Level (BIL) of high or above prevent widespread loss of life require specialist testing.
Restricting access to your facilities with perimeter access controls can help your organisation to reduce threats. Some types of perimeter access controls are: fences and walls pedestrian barriers vehicle barriers.
Before your organisation leases or constructs any premises, assess the construction methods and materials to find out if they will give the protection you need. Increasing the level of building security afterwards may be expensive or impossible.
Alarm systems can provide early warning of unauthorised access to your facilities. However, an alarm system is only of value when you use it alongside other measures designed to detect an intrusion attempt, delay an intruder’s progress, and give you time to respond.
Individual alarms can protect people and vehicles from harm. In some situations, building alarm systems or other facility-wide measures might not give all the protection your people and assets need.
Use access control systems to prevent unauthorised access. An access control system is a measure or group of measures designed to: allow authorised personnel, vehicles, and equipment to pass through protective barriers prevent unauthorised access.
Interoperable systems must be designed carefully to avoid creating vulnerabilities. Implementing interoperability between security alarm systems (SASs) and other building management systems can increase the threat of unauthorised system access and penetration.
Choose the right hardware to protect your information and assets. Your organisation must secure all access points to your premises, including doors and operable windows, using commercial grade or NZSIS-approved locks and hardware.
Consider using CCTV when your organisation is developing 'security in depth' for a site. CCTV is a visual deterrent to unauthorised access, theft, or violence.
Using lighting to enhance physical security at your site. Lighting can make an important contribution to physical security.
Choose the right containers and cabinets to keep information and assets secure. You must secure official information, valuable physical assets, and money in containers that are appropriate to their Business Impact Level (BIL).
Consider using a secure rooms, safes, or vaults instead of containers to protect large quantities of official information or valuable physical assets. Using secure roomsSecure rooms are suitable for storing large quantities of official information.
Follow clear, consistent processes for controlling visitor access to your facilities. A visitor means anyone in a facility or area who: is not an employee has been granted normal access to the facility or area as a visitor.
Control visitors and deter threats with receptionists and guards. If your organisation has regular public or client contact, you should have receptionists or guards to greet, assist, and direct visitors.
Work out which other physical security measures your organisation might need to address specific risks. Use the following examples to help you work out which physical security measures will best meet your specific requirements.