Physical security


Operate and maintain to stay secure

It is important to operate and maintain your security measures appropriately, so they continue to provide the protection you need.

PHYSEC4 - Keep your security up to date

Ensure that you keep up to date with evolving threats and vulnerabilities, and respond appropriately. Ensure that your physical security measures are maintained effectively so they remain fit for purpose.

Raise awareness of your physical security measures

An important part of maintaining security is providing security awareness training and support.

Let your people know about any security risks that may affect their personal safety or security.

Communicate your physical security policies to your people and to the people your organisation works with. Let them know when physical security arrangements change, and, when possible, say why.

Encourage your people to report emerging concerns or near misses as part of being good corporate citizens (rather than troublemakers). Make sure they know that if they respond to a security incident, they shouldn’t do anything that unreasonably jeopardises their personal safety.

Give each employee a summary of your emergency and security procedures.

Analyse evolving threats and vulnerabilities

Keeping your people, information, and assets secure involves ongoing activity to detect and manage evolving threats and vulnerabilities.

To manage your vulnerabilities in your physical security, take the following action.

  • Monitor your systems, assets, and people.
  • Observe events and processes to detect suspicious or unauthorised events.
  • Be proactive to stay on top of vulnerabilities or weaknesses in your layers of security.
  • Assess your security measures against best practice and known security threats.
  • Analyse, prioritise, and report on vulnerabilities that pose the most immediate risk to your organisation.
  • Apply and track fixes to completion.

Keep your physical security measures up to date

To be effective, your physical security measures must reflect your actual risks. Stay up to date and prepared by:

  • proactively maintaining your user access control systems (for example, by testing duress alarms and checking batteries every 6 months)
  • testing your procedures to ensure they are fit for purpose.

Respond to physical security incidents

You need to manage security incidents well to reduce their impact. Aim to both reduce the impact of any incident and recover quickly.

Responding to security incidents should be part of your security plan.

Respond and recover

When an incident happens, follow your processes for responding to the incident. Act quickly to reduce the impact, and help your organisation recover as quickly as possible. You might also need to restore the confidence of anyone who has been affected by an incident.

Record and assess

Record the details of any incident or near miss, and assess the degree of compromise or harm.


Make sure you communicate security incidents to the affected parties and any relevant authorities. You might need to warn people to avoid further harm or report on the incident.

Investigate, act if necessary, and learn

After a security incident, you need to investigate. If necessary, take further action. Make sure your organisation learns from the incident, so you can improve your security measures.

Transport physical assets securely

When your physical assets are transported outside your premises, you must protect them in line with  the potential business impact of loss, compromise, or damage.

Most physical assets are more at risk from theft during transport than when they’re housed in your facility. Seek advice from your insurers to help you develop robust processes.

Consider control measures such as escorts or guards, or employing secure transport specialists.

Page last modified: 2/10/2018