Physical security

Understand and follow the physical security lifecycle to protect your organisation’s people, information, and assets.

PHY008

Understand the physical security lifecycle

Establish and maintain robust physical security by following the physical security lifecycle.

Click to see the lifecycle infographic

Click to see the lifecycle infographic

Understand what you need to protect

Before you can put the right physical security measures in place, you must understand what you need to protect. Think about the value of the people, information, and assets in your environment.




Assess your physical security

When you assess your organisation’s unique risks, you can work out which physical security measures you need to reduce those risks to an acceptable level.




Design physical security early in your processes

Physical security measures can be more expensive and less effective if they’re introduced later. So consider your physical security requirements at the earliest stages — preferably during the concept and design stages.




Implement your physical security measures

During this phase, you implement the agreed physical security measures, including policies, processes, and technical measures.




Validate your physical security measures

Validating your organisation’s physical security measures means finding out if they’ve been correctly implemented and are fit for purpose.




Operate and maintain to stay secure

It is important to operate and maintain your security measures appropriately, so they continue to provide the protection you need.




Review your physical security measures regularly

Undertake regular reviews to ensure your security measures remain fit for purpose. Identify changes in your use of facilities, in your organisation, or your threat environment.




Retire information and assets securely

When your building, facilities, information, or assets are no longer needed, make sure you consider the security implications during the decommissioning phase. Have a plan for destroying, redeploying, or disposing of your facilities, information, or assets securely.