© 2020 RSM US LLP. All rights reserved.
Physical Security Risk Assessment
By taking a risk-based approach to assessing physical security, you can focus your efforts and realize the greatest return on investment for your security initiatives and expenditures.
All organizations face some degree of physical threat, whether from crime, natural disasters, technological incidents or human error. Additionally, organizations with multiple facilities often struggle to standardize and optimize physical security. Physical security should be tailored to actual risk to increase its effectiveness. Determining risk factors that affect a particular facility or asset enables your organization to enhance the return on investment from the time and money spent on remediation efforts.
A physical risk assessment can help determine the correct level of technology and the appropriate processes to implement to mitigate these risks. RSM evaluates the natural, technological and manmade threats speciﬁc to each in-scope location based on client interviews, open source intelligence gathering, comprehensive crime statistics and government data sources. These threats are then placed in your specific context according to probability, frequency and impact, as well as the presence and effectiveness of controls designed to counter them. ASIS International, an organization of security professionals, has stated that context and risk assessment are the foundations of:
- Protecting an organization’s assets including people, tangible assets of a physical nature, and intangible assets that are intellectual and abstract (such as company reputation)
- Understanding the relative exposure of risk for current and planned activities
- Complying with law and regulations
- Identifying reasonable control measures needed to treat risk and their associated benefits
This helps generate a risk proﬁle for each site, allowing risk to be viewed across the enterprise to create a tactical and strategic road map for addressing gaps. If necessary, this road map can align with a client-speciﬁed framework to assist your organization in meeting its regulatory requirements.
The tests reflect the insights of our physical security team, whose members have held positions in ﬁnancial services security, military intelligence, community emergency response and security auditing. This experience gives our team the ability to pinpoint gaps in physical security controls and recommend improvements that support your business goals.