Take a risk based approach
Your organisation’s unique context and potential threats determine which physical security measures you need.
When you take a risk-based approach, you can ensure your physical security measures are right for your organisation.
Identify what you need to protect
Identify the people, information, physical assets, and functions that you need to protect. Then determine the threats facing your organisation. Include threats within New Zealand and abroad (if you have overseas interests).
You need to fully understand the value and sensitivity of your information and assets to accurately assess your physical security risks.
Assess the impact of breached security
Use the Business Impact Levels (BILs) to assess the potential impact if your people, information, or assets were harmed, compromised, or unavailable. For example:
- if customers were aggressive to your people
- if your organisation’s property was stolen
- if someone tampered with your security system and gained unauthorised access to your office out of hours
- if someone gained unauthorised access to your premises and stole valuable information.
For every threat scenario, consider the risks to:
- the public
- your people, property, operations, reputation, finances, or business processes
- New Zealand as a whole.
- Applying Business impact levels
- ISO 31,000:2018 - Risk management - Guidelines
- HB 167:2006 — Security Risk Management — Handbook
Page last modified: 2/10/2018