Physical security at multiple facilities
CASE STUDY |
Many large organizations with multiple facilities struggle to implement a consistent level of physical security across their entire enterprise. Recently, a large manufacturing organization with multiple plants across the United States faced a similar challenge of creating unified security policies. Each location’s physical security program was weak or incomplete, and policies varied widely from facility to facility. Recognizing the risks to the safety of its staff as well as to the integrity of its business processes, the organization reached out to RSM to identify physical security weaknesses at each of the locations and to develop a unified policy framework that would set a high security standard throughout the organization.
RSM performed a physical security assessment for the organization, and began by dispatching analysts to each location to determine what physical security policies and processes were in place. As part of this process, we evaluated each site using a customized set of security controls categorized into one of three separate security layers at each facility:
Outer: Area around the building, including fence lines and property perimeter. Do these areas sufficiently deter criminal activity? Are they monitored?
Middle: Grounds immediately surrounding the building. Can the facility be easily breached? Would someone attempting to gain access be detected?
Inner: Within the building itself. Do sensitive areas within the building receive extra protections? How is internal segmentation enforced?
Reviewing the controls in place at each separate security layer allowed RSM to provide an in-depth analysis of the physical security of each site.
We then analyzed the individual results and discovered several trends that represented key areas for improvement. For example:
- Doors at the sites were unlocked, unguarded and sometimes propped open during work hours.
- None of the sites were using badges to identify personnel, and most did not have any visitor check-in procedures in place.
- Security cameras at the sites were poorly maintained or were used to track business functionality without including separate cameras for security.
- Perimeter areas around the sites were inconsistently lit and included incomplete or broken fencing.
These results revealed that company culture and practice did not align with the organization’s security goals. Thus, most locations were not securely closed to the general public. Any person near the facility could gain access with minimal difficulty, putting information, resources, business processes and personnel at risk.
With many different physical security vulnerabilities present at each location, the organization faced a new challenge: what to fix first? Anticipating the client’s needs, we developed a tactical and strategic remediation plan for each location as well as a prioritized, three-phase strategy to improve security across the organization.
- Phase 1 included short-term, high-priority steps such as closing exterior doors that are commonly left open during facility operations and installing alarmed emergency exit doors at various locations.
- Phase 2 detailed longer-term plans for standardizing the organization’s visitor procedures, implementing personnel badges and badge readers for secure areas, and developing a security camera monitoring program.
- Phase 3 looked outward towards perimeter security and provided workable solutions for lighting, fencing, automated gates and ladder guards. RSM also provided strategies for hiring a security guard force and developing workplace violence and incident response training procedures.
Together these recommendations offered a clear, prioritized road map to address the root causes of security gaps and prevent them from reoccurring. To implement this plan, the organization took two key steps. First, they introduced a security program manager to oversee changes and draft new policies with our guidance. Second, upper management took a lead role in changing the corporate culture by actively supporting security initiatives. These steps ensured a smooth transition during the major shift to new practices and procedures. In this way, the client developed a consistent, repeatable approach to physical security for individual locations as well as the organization as a whole.
To ensure employee safety and protect business processes and technology, this large manufacturer focused on developing a unified physical security program that could be implemented at several locations across the United States. The three-phase plan offered by RSM identified a prioritized series of tactical and strategic steps to help the organization reach its desired state of security. By recognizing the risks of inaction and taking the initiative to reach out to RSM, this organization turned its unique challenge into an opportunity to build a mature physical security program from the ground up.