Physical security
-
Specific security measures
- Using NZSIS-approved products
- Perimeter access controls
- Building construction
- Alarm systems
- Individual alarm options
- Access control systems
- Alarm system and other building management systems interoperability
- Locks, key systems, and doors
- Closed-circuit television
- Security lighting
- Security containers and cabinets
- Secure rooms, safes, and vaults
- Visitor control
- Receptionists and guards
- Other physical security measures
PHY035
Other physical security measures
Work out which other physical security measures your organisation might need to address specific risks.
Use the following examples to help you work out which physical security measures will best meet your specific requirements. (Note: This list is indicative not exhaustive.)
Measure |
Used to |
Hidden and/or fixed duress alarm |
Address personnel safety concerns for reception areas and meeting rooms. May be of value for home-based workers |
Individual duress alarm |
Address personal safety concerns for personnel in the field or unpatrolled public areas |
Individual item alarm and/or alarm circuit |
Provide extra protection for valuable physical assets in your premises or physical assets on display |
Vehicle alarm |
Deter vehicle theft or theft of information and physical assets from vehicles |
Two-person access system |
Provide extra protection for extremely sensitive information |
Vehicle safes |
Deter theft of information and physical assets from vehicles |
Vehicle immobilisation |
Prevent vehicle theft |
Front counters, and interview or meeting rooms |
Restrict access by aggressive clients or members of the public Allow regular meetings with clients or members of the public without accessing security areas |
Mailrooms and delivery areas |
Provide a single point of entry for all deliveries Prevent mail-borne threats from entering a facility without screening |
Technical surveillance counter and audio security |
Reduce vulnerability to, or detect, the unauthorised interception of sensitive or protectively-marked information Reduce vulnerability to electronic eavesdropping on sensitive conversations |
Conference security |
Prevent unauthorised people gaining access to protectively-marked information and ensure the proceedings are conducted without disruption |
Using vehicle immobilisation techniques
Vehicle immobilisation can reduce the loss of vehicles to theft. Vehicle immobilisation can be broadly divided into two types: automatic and remote.
With automatic immobilisation, a vehicle can be immobilised when not in use and requires a key or electronic token to start the vehicle
With remote immobilisation, a vehicle can be immobilised while in use and this technique is normally used along with a remote tracking and alarm system.
Protecting front counters, and interview or meeting rooms
If your people interact with the public or clients who may become agitated, your organisation must install measures to reduce the risks to their safety.
These measures might include:
- a specialised front counter that limits or delays physical access
- interview or meeting rooms monitored by guards or fitted with duress alarms (or both)
- interview or meeting room desks that act as a barrier.
If your people regularly interact with clients or the public, consider establishing interview or meeting rooms that are accessible from your public areas.
Reducing threats to mailrooms and delivery areas
Mailrooms and parcel delivery areas are areas of significant risk from improvised explosive devices, and chemical, radiological, and biological attacks.
Your organisation must assess the likelihood of mail-borne attacks and, if warranted, apply suitable physical mitigations. For example:
- mail screening devices
- a standalone delivery area
- a commercial mail receiving and sorting service.
For help to select mail and parcel screening and handling equipment that meets your needs, try HB 328:2009 Mailroom Security.
Educate and train your people
Make sure your people are aware of your mail handling policies and procedures.
You must give your mailroom staff training – they must know your mail handling procedures and how to use any screening equipment you have.
Using technical surveillance countermeasures and audio security
Technical Surveillance Countermeasures (TSCM) is a process used to:
- survey facilities and detect any surveillance devices
- identify technical security weaknesses that could be exploited (including controls such as locks, alarms, and electronic access control systems).
TSCM provide a high level of assurance that sensitive information is free from unauthorised surveillance and access.
TSCM is mainly a detection function that seeks to locate and identify covert surveillance devices:
- before an event
- as part of a programmed technical security inspection or survey
- because of a concern following a security breach (for example, the unauthorised disclosure of a sensitive discussion).
When you must carry out a TSCM survey
Your organisation must carry out TSCM surveys for:
- areas where TOP SECRET discussions are regularly held, or the compromise of other discussions may have a catastrophic business impact
- before conferences and meetings where TOP SECRET discussions are to be held.
Seek advice from the Government Communications Security Bureau (GCSB) before you carry out a survey.
Protecting sensitive talks in person or on the phone
To protect discussions about content that is protectively marked, your organisation must meet the logical controls in the New Zealand Information Security Manual - Telephones and Telephone Systems.
Managing security for conferences
Carry out a risk assessment before holding a conference to identify risks and mitigate them. If warranted, develop a specific conference security plan.
The aims of conference security should be to:
- prevent unauthorised people gaining access to official information, protectively-marked information, or physical assets
- protect the people attending the conference
- protect property from damage
- ensure the conference is not disrupted.
Also refer to Event security.
Page last modified: 3/02/2020