Physical security
PHY039
Certifying and accrediting security zones
Certification and accreditation is the process for granting approval to operate a facility or specific security zone. This is a two step process where:
- Certification provides confirmation that the security controls specified in the design have been correctly implemented.
- Accreditation is the formal approval to operate and acceptance of any residual risks.
Accreditation is the responsibility of your organisation head but this may be delegated, typically to your Chief Security Officer (CSO).
Responsibility for certification should be assigned to someone appropriate in your organisation who is not responsible for accreditation. Typically this would be your Property Manager, or equivalent.
You must accredit your facilities from Zone 1 to Zone 5.This confirms that approval to operate has been given based on the certification requirements being met and any residual risks accepted.
Zone 5 areas used to access or discuss Sensitive Compartmented Information (SCI) or codeword information must also be accredited by the GCSB.
Certification requirements
The person certifying your facility or zone needs to sight and be satisfied with the following documentation.
Document needed |
Additional things to consider |
|
A threat assessment for the facility or zone |
This may be informed by external parties. For example, the NZ Police or NZSIS |
|
A security risk assessment for the facility or zone |
|
|
Site security plan |
|
|
Certification from the designer / installer that your alarm system:
|
Use of an alarm system in Zone 1 and Zone 2 is your organisation’s choice |
|
Certification from the designer / installer that your electronic access control system:
|
|
|
Has been installed as per the design and tested to ensure it operates correctly |
|
|
Certification that any additional controls have been correctly installed and tested to ensure they function correctly |
See Table 2 – Additional Controls |
|
Results of a site inspection |
For Zone 5 NZSIS will perform the site inspection |
Accreditation requirements
The person accrediting your facility or zone needs to sight and be satisfied with the following documentation.
Document needed |
Things to consider |
| Certification that the security controls specified in the security plan have been correctly implemented | For Zone 5 NZSIS will provide certification |
| Identification of any residual risks |
Table 2 - Additional controls
These physical security measures may be used to address specific threats. This list is not exhaustive.
Measure |
Specific risk addressed |
| Hidden and/or fixed duress alarm | Personnel safety concerns for reception areas and meeting rooms. May be of value for home-based workers. |
| Individual duress alarm | Personal safety concerns for personnel in the field or unpatrolled public areas. |
| Individual item alarm and, or alarm circuit | Provide additional protection to valuable physical assets in premises. Provide protection for physical assets on display. |
| Vehicle alarm | Deter vehicle theft or theft of information and physical assets from vehicles. |
| Two-person access system | Protection of extremely sensitive information. |
| Vehicle safes | Deter theft of information and physical assets from vehicles. |
| Vehicle immobilisation | Prevent vehicle theft. |
| Front counters and interview or meeting rooms | Restrict access by aggressive clients or members of the public. Allow interactions without accessing security areas. |
| Mailrooms and delivery areas | Provide a single point of entry for all deliveries. Control mail-borne threats from entering a facility without screening. |
| Technical surveillance counter and audio security | Reduce vulnerability to, or detect, the unauthorised interception of sensitive or protectively marked information. Reduce vulnerability to electronic eavesdropping on sensitive conversations. |
| Conference security | Extra measures taken for a conference to prevent unauthorised people gaining access to protectively marked information and ensure the proceedings are conducted safely and without disruption. |
Page last modified: 2/10/2018
