Physical security


Alarm systems

Alarm systems can provide early warning of unauthorised access to your facilities.

However, an alarm system is only of value when you use it alongside other measures designed to detect an intrusion attempt, delay an intruder’s progress, and give you time to respond. Your alarm systems must be monitored and linked to a predetermined response.

Types of alarm systems

Alarm systems can be broadly divided into two types:

  • a perimeter (or external) intrusion detection system (PIDS) or alarm
  • an internal security alarm system (SAS).

Alarm systems may be single sector or sectionalised to give coverage to specific areas of risk. Sectionalised alarm systems allow greater flexibility because highly sensitive areas can remain secured when not in use and other parts of the facility are open.

A PIDS can be valuable for organisations with facilities enclosed in a perimeter fence because it will give early warning of unauthorised breaches.

Your organisation should seek specialist advice when designing and installing PIDS.

Managing alarm systems

You must develop procedures for using, managing, monitoring, and responding to an alarm system. When possible, adopt the administration and management principles set out in the NZSIS SAS Implementation and operation guide (under development).

Any contractors employed to maintain a SAS should be cleared to a level appropriate to the information to which they could reasonably be expected to have incidental access in the zones covered by the alarm system.

Use a suitably qualified designer or installer to design and commission any commercial alarm systems.

Make sure each different security zone is a separate alarm section (area) or have a separate alarm system for each zone.

When possible, configure your alarm systems to continuously monitor detection devices in high-risk areas. For example, irregularly accessed areas, roof spaces, inspection hatches, and under-floor cavities.

Related New Zealand standards

Managing alarm systems in zone 3 and above

For alarm systems in zone 3 and above, your organisation must have:

  • direct management and control
  • appropriately cleared and trained staff as privileged operators and users.

In zone 3, you may use guard patrols instead of an alarm system outside of usual work hours. For more information, go to Visitor Control (Out-of-hours guarding).

Managing alarm systems in zones 1 to 2

In lower zones, you should manage and administrate your alarm systems directly but you can outsource operational functions, such as monitoring and maintenance.

You can use guard patrols instead of an alarm system outside of usual work hours. For more information, go to Visitor Control (Out-of-hours guarding).

Keeping personal identification numbers (PINs) secure

Your organisation should ensure all personal identification numbers (PINs) for arming and disarming alarm systems are:

  • uniquely identifiable to an individual
  • not recorded by the individual
  • regularly changed in line with your risk assessment.

Your people must advise your chief security officer (CSO) straight away if they suspect any PINs have been compromised. Your CSO must disable the PIN and investigate any potential security breach.

For more information, go to Reporting incidents and conducting security investigations.

Dealing with engineering/installer codes securely

You must remove the default/engineering/installer user codes from alarm systems at commissioning.

For zones 3 and above, the engineering/installer codes must only be known to appropriately cleared personnel who have access to the zone.

When you need to give the code to others for maintenance purposes, you must change the codes as soon as the maintenance work is finished.

Your organisation should develop appropriate testing and maintenance procedures to ensure your alarm system is continually operational.

Choosing a security alarm system (SAS)

Security alarm systems are used to protect information and assets. To choose the right SAS, consider the:

  • level of the zone you need to protect
  • complexity of the zone's layout
  • security level of the information or assets you need to protect.

Also refer to Zone requirements.

Understanding SAS classes

Five classes of SASs are defined in AS/NZS 2201.1:2007 Intruder alarm systems - Client's premises - Design, installation, commissioning and maintenance. You must only use alarm systems that comply with this standard.

The five classes and their uses are:

  • Class 1 and 2: base-level systems only suitable for domestic use.
  • Class 3: mid-level systems suitable for protecting normal business operations in most organisations.
  • Class 4: mid-level systems suitable for protecting normal business operations in most organisations; and when used with detection devices and other controls, suitable for protecting information and physical assets in a Zone 3.
  • Class 5: high security commercial alarm system suitable for protecting information and physical assets with a BIL lower than catastrophic.

Complying with SAS requirements for security zones

When an NZSIS-approved SAS is not mandatory, your organisation should determine:

  • whether a commercial SAS is required at your facilities, including any temporary sites, as part of your risk mitigation strategies
  • the specifications for any such system
  • whether alternative security methods, such as guard patrols, are required as part of your risk mitigation strategies.

Consider whether you need guard patrols as well as an SAS to satisfactorily mitigate your risks.

Zone 2

If you use a commercial SAS in zone 2 it must meet or better the following standard: AS/NZS 2201.1:2007 Intruder alarm systems - Client's premises - Design, installation, commissioning and maintenance - Class 3

Zone 3

A SAS used in zone 3 must be separate from all other systems including access control and building management systems.

If you use a commercial SAS in zone 3 it should meet or better the following standard: AS/NZS 2201.1:2007 Intruder alarm systems - Client's premises - Design, installation, commissioning and maintenance Class 4 

Zones 4 and 5

NZSIS-approved alarm systems must be used for zones 4 and 5.

Also refer to NZSIS Guidelines on equipment selection and the Approval Products List.


Page last modified: 8/10/2018