Physical security


Other physical security measures

Work out which other physical security measures your organisation might need to address specific risks.

Use the following examples to help you work out which physical security measures will best meet your specific requirements. (Note: This list is indicative not exhaustive.)


Used to

Hidden and/or fixed duress alarm

Address personnel safety concerns for reception areas and meeting rooms. May be of value for home-based workers

Individual duress alarm

Address personal safety concerns for personnel in the field or unpatrolled public areas

Individual item alarm and/or alarm circuit

Provide extra protection for valuable physical assets in your premises or physical assets on display

Vehicle alarm

Deter vehicle theft or theft of information and physical assets from vehicles

Two-person access system

Provide extra protection for extremely sensitive information

Vehicle safes

Deter theft of information and physical assets from vehicles

Vehicle immobilisation

Prevent vehicle theft

Front counters, and interview or meeting rooms

Restrict access by aggressive clients or members of the public

Allow regular meetings with clients or members of the public without accessing security areas

Mailrooms and delivery areas

Provide a single point of entry for all deliveries

Prevent mail-borne threats from entering a facility without screening

Technical surveillance counter and audio security

Reduce vulnerability to, or detect, the unauthorised interception of sensitive or protectively-marked information

Reduce vulnerability to electronic eavesdropping on sensitive conversations

Conference security

Prevent unauthorised people gaining access to protectively-marked information and ensure the proceedings are conducted without disruption 

Using vehicle immobilisation techniques

Vehicle immobilisation can reduce the loss of vehicles to theft. Vehicle immobilisation can be broadly divided into two types: automatic and remote.

With automatic immobilisation, a vehicle can be immobilised when not in use and requires a key or electronic token to start the vehicle

With remote immobilisation, a vehicle can be immobilised while in use and this technique is normally used along with a remote tracking and alarm system.

Protecting front counters, and interview or meeting rooms

If your people interact with the public or clients who may become agitated, your organisation must install measures to reduce the risks to their safety.

These measures might include:

  • a specialised front counter that limits or delays physical access
  • interview or meeting rooms monitored by guards or fitted with duress alarms (or both)
  • interview or meeting room desks that act as a barrier.

If your people regularly interact with clients or the public, consider establishing interview or meeting rooms that are accessible from your public areas.

Reducing threats to mailrooms and delivery areas

Mailrooms and parcel delivery areas are areas of significant risk from improvised explosive devices, and chemical, radiological, and biological attacks.

Your organisation must assess the likelihood of mail-borne attacks and, if warranted, apply suitable physical mitigations. For example:

  • mail screening devices
  • a standalone delivery area
  • a commercial mail receiving and sorting service.

For help to select mail and parcel screening and handling equipment that meets your needs, try HB 328:2009 Mailroom Security.

Educate and train your people

Make sure your people are aware of your mail handling policies and procedures.

You must give your mailroom staff training – they must know your mail handling procedures and how to use any screening equipment you have.

Using technical surveillance countermeasures and audio security

Technical Surveillance Countermeasures (TSCM) is a process used to:

  • survey facilities and detect any surveillance devices
  • identify technical security weaknesses that could be exploited (including controls such as locks, alarms, and electronic access control systems).

TSCM provide a high level of assurance that sensitive information is free from unauthorised surveillance and access.

TSCM is mainly a detection function that seeks to locate and identify covert surveillance devices:

  • before an event
  • as part of a programmed technical security inspection or survey
  • because of a concern following a security breach (for example, the unauthorised disclosure of a sensitive discussion).

When you must carry out a TSCM survey

Your organisation must carry out TSCM surveys for:

  • areas where TOP SECRET discussions are regularly held, or the compromise of other discussions may have a catastrophic business impact
  • before conferences and meetings where TOP SECRET discussions are to be held. 

Seek advice from the Government Communications Security Bureau (GCSB) before you carry out a survey.

Protecting sensitive talks in person or on the phone

To protect discussions about content that is protectively marked, your organisation must meet the logical controls in the New Zealand Information Security Manual - Telephones and Telephone Systems.

Managing security for conferences

Carry out a risk assessment before holding a conference to identify risks and mitigate them. If warranted, develop a specific conference security plan.

The aims of conference security should be to:

  • prevent unauthorised people gaining access to official information, protectively-marked information, or physical assets
  • protect the people attending the conference
  • protect property from damage
  • ensure the conference is not disrupted.

Also refer to Event security.

Page last modified: 3/02/2020