Physical security
The following guidance describes the use of specific security measures.
PHY056
Remember that physical security is a combination of physical and procedural measures. You should develop policies that support your physical security measures and control their use.
Using NZSIS-approved products
Protect your organisation’s people, information, and assets and using approved security products from the New Zealand Special Intelligence Service (NZSIS). The NZSIS tests and approves security products that: safeguard protectively-marked information with a Business Impact Level (BIL) of high or above prevent widespread loss of life require specialist testing.
Perimeter access controls
Restricting access to your facilities with perimeter access controls can help your organisation to reduce threats. Some types of perimeter access controls are: fences and walls pedestrian barriers vehicle barriers.
Building construction
Before your organisation leases or constructs any premises, assess the construction methods and materials to find out if they will give the protection you need. Increasing the level of building security afterwards may be expensive or impossible.
Alarm systems
Alarm systems can provide early warning of unauthorised access to your facilities. However, an alarm system is only of value when you use it alongside other measures designed to detect an intrusion attempt, delay an intruder’s progress, and give you time to respond.
Individual alarm options
Individual alarms can protect people and vehicles from harm. In some situations, building alarm systems or other facility-wide measures might not give all the protection your people and assets need.
Access control systems
Use access control systems to prevent unauthorised access. An access control system is a measure or group of measures designed to: allow authorised personnel, vehicles, and equipment to pass through protective barriers prevent unauthorised access.
Alarm system and other building management systems interoperability
Interoperable systems must be designed carefully to avoid creating vulnerabilities. Implementing interoperability between security alarm systems (SASs) and other building management systems can increase the threat of unauthorised system access and penetration.
Locks, key systems, and doors
Choose the right hardware to protect your information and assets. Your organisation must secure all access points to your premises, including doors and operable windows, using commercial grade or NZSIS-approved locks and hardware.
Closed-circuit television
Consider using CCTV when your organisation is developing 'security in depth' for a site. CCTV is a visual deterrent to unauthorised access, theft, or violence.
Security lighting
Using lighting to enhance physical security at your site. Lighting can make an important contribution to physical security.
Security containers and cabinets
Choose the right containers and cabinets to keep information and assets secure. You must secure official information, valuable physical assets, and money in containers that are appropriate to their Business Impact Level (BIL).
Secure rooms, safes, and vaults
Consider using a secure rooms, safes, or vaults instead of containers to protect large quantities of official information or valuable physical assets. Using secure roomsSecure rooms are suitable for storing large quantities of official information.
Visitor control
Follow clear, consistent processes for controlling visitor access to your facilities. A visitor means anyone in a facility or area who: is not an employee has been granted normal access to the facility or area as a visitor.
Receptionists and guards
Control visitors and deter threats with receptionists and guards. If your organisation has regular public or client contact, you should have receptionists or guards to greet, assist, and direct visitors.
Other physical security measures
Work out which other physical security measures your organisation might need to address specific risks. Use the following examples to help you work out which physical security measures will best meet your specific requirements.
