Physical security

The following guidance describes the use of specific security measures.

PHY056

Remember that physical security is a combination of physical and procedural measures. You should develop policies that support your physical security measures and control their use.

Using NZSIS-approved products

Protect your organisation’s people, information, and assets and using approved security products from the New Zealand Special Intelligence Service (NZSIS). The NZSIS tests and approves security products that: safeguard protectively-marked information with a Business Impact Level (BIL) of high or above prevent widespread loss of life require specialist testing.




Perimeter access controls

Restricting access to your facilities with perimeter access controls can help your organisation to reduce threats. Some types of perimeter access controls are: fences and walls pedestrian barriers vehicle barriers.




Building construction

Before your organisation leases or constructs any premises, assess the construction methods and materials to find out if they will give the protection you need. Increasing the level of building security afterwards may be expensive or impossible.




Alarm systems

Alarm systems can provide early warning of unauthorised access to your facilities. However, an alarm system is only of value when you use it alongside other measures designed to detect an intrusion attempt, delay an intruder’s progress, and give you time to respond.




Individual alarm options

Individual alarms can protect people and vehicles from harm. In some situations, building alarm systems or other facility-wide measures might not give all the protection your people and assets need.




Access control systems

Use access control systems to prevent unauthorised access. An access control system is a measure or group of measures designed to: allow authorised personnel, vehicles, and equipment to pass through protective barriers prevent unauthorised access.




Alarm system and other building management systems interoperability

Interoperable systems must be designed carefully to avoid creating vulnerabilities. Implementing interoperability between security alarm systems (SASs) and other building management systems can increase the threat of unauthorised system access and penetration.




Locks, key systems, and doors

Choose the right hardware to protect your information and assets. Your organisation must secure all access points to your premises, including doors and operable windows, using commercial grade or NZSIS-approved locks and hardware.




Closed-circuit television

Consider using CCTV when your organisation is developing 'security in depth' for a site. CCTV is a visual deterrent to unauthorised access, theft, or violence.




Security lighting

Using lighting to enhance physical security at your site. Lighting can make an important contribution to physical security.




Security containers and cabinets

Choose the right containers and cabinets to keep information and assets secure. You must secure official information, valuable physical assets, and money in containers that are appropriate to their Business Impact Level (BIL).




Secure rooms, safes, and vaults

Consider using a secure rooms, safes, or vaults instead of containers to protect large quantities of official information or valuable physical assets. Using secure roomsSecure rooms are suitable for storing large quantities of official information.




Visitor control

Follow clear, consistent processes for controlling visitor access to your facilities. A visitor means anyone in a facility or area who: is not an employee has been granted normal access to the facility or area as a visitor.




Receptionists and guards

Control visitors and deter threats with receptionists and guards. If your organisation has regular public or client contact, you should have receptionists or guards to greet, assist, and direct visitors.




Other physical security measures

Work out which other physical security measures your organisation might need to address specific risks. Use the following examples to help you work out which physical security measures will best meet your specific requirements.