Physical security
Understand the physical security lifecycle
- Understand what you need to protect
- Assess your physical security
- Design physical security early in your processes
- Implement your physical security measures
- Validate your physical security measures
- Operate and maintain to stay secure
- Review your physical security measures regularly
- Retire information and assets securely
PHY005
Take a risk-based approach
Your organisation’s unique context and potential threats determine which physical security measures you need.
When you take a risk-based approach, you can ensure your physical security measures are right for your organisation.
Identify what you need to protect
Identify the people, information, physical assets, and functions that you need to protect. Then determine the threats facing your organisation. Include threats within New Zealand and abroad (if you have overseas interests).
You need to fully understand the value and sensitivity of your information and assets to accurately assess your physical security risks.
Assess the impact of breached security
Use the Business Impact Levels (BILs) to assess the potential impact if your people, information, or assets were harmed, compromised, or unavailable. For example:
- if customers were aggressive to your people
- if your organisation’s property was stolen
- if someone tampered with your security system and gained unauthorised access to your office out of hours
- if someone gained unauthorised access to your premises and stole valuable information.
For every threat scenario, consider the risks to:
- the public
- your people, property, operations, reputation, finances, or business processes
- New Zealand as a whole.
For more information see:
- Applying Business impact levels
- ISO 31000:2018 - Risk management - Guidelines
- HB 167:2006 - Security Risk Management - Handbook
Page last modified: 4/05/2022