Physical security


Understand what you need to protect

Before you can put the right physical security measures in place, you must understand what you need to protect.

You may need to protect:

  • your people, information, and assets
  • the public and customers
  • cultural holdings.

PHYSEC1 - Understand what you need to protect

Identify the people, information, and assets that your organisation needs to protect, and where they are. Assess the security risks (threats and vulnerabilities) and the business impact of loss or harm to people, information, or assets. Use your understanding to: • protect your people from threats of violence, and support them if they experience a harmful event • protect members of the public who interact with your organisation • put physical security measures in place to minimise or remove risks to your information assets.

How will your facilities be used?

You need to understand how your facilities will be used, who will use them, who may visit them, and what will be stored in them.

Remember to include any classified information or assets you store, and legislative requirements you need to meet.

Are your people working away from the office?

Consider the situations that your people might face when they are working away from the office.

Will they be working at home? In remote-locations? In someone else’s building? Overseas?

Have you taken health and safety needs into account?

Under the Health and Safety at Work Act 2015, organisations must:

  • take all reasonable steps to minimise the risk of harm to employees, clients, and the public
  • ensure their physical security plans address the risk of harm to clients and the public.

Is your organisation co-locating?

If you’re co-locating, work in partnership with the other parties to build a shared understanding of physical security issues and each other’s security requirements.

More information:


Page last modified: 2/10/2018