Use this checklist to evaluate your physical security risk and to identify what you can do to prevent break-ins, harm to employees, legal liability, and security breaches.
- Building is surrounded by intact fence (no holes, gaps, streams under fence, etc.)
- Clear zone of at least 20’ exists both inside and outside of entire fence
- Fence is monitored by security cameras and/or guards
- Fence is inspected regularly (how often _____________)
- No vegetation (where someone could hide) grows within 20’ of building perimeter
- Area within 20’ of building perimeter is well lit at night with lights that (1) have auxiliary power source and (2) turn on automatically at dusk
- Parking area is monitored by security cameras and/or guards
- Parking area is well lit at night
- Electricity received from two separate substations or, better, two separate power plants
- Phone/network connectivity is available from multiple providers
- Power/phone/network lines are underground, if possible
- Water is available from multiple sources (including well)
- Dumpsters contain no sensitive trash and are monitored by cameras
- Alarm system is monitored, regularly tested, and has auxiliary power source
- Alarm panel is secured behind locked door
- Alarm panel offers a duress code
- Generator(s) are alarmed
- Building is protected by fire alarm and sprinkler system.
- Fire detection equipment is inspected and regularly tested.
- Contact information for fire / burglar alarm companies is easily accessible
For Each Exterior Door or Gate
- Closes securely and does not need repair
- Outside hinges hidden/protected from vandalism
- Ideally requires automated unique identifier to open (swipe card, badge, retina, fingerprint). Less ideal: key access, shared code access
- If keys exist, they’re all stamped with “Do Not Duplicate”
- Access is disabled when an employee leaves the company. If key-based, locks are changed
- Automatically locks when closed, but still able to open from the inside.
- Will sound an alarm if propped open, or if opened when employees should not be using it during business hours
- Alarmed during non-business hours
- Monitored by a receptionist, security guard, etc. during business hours
- Monitored by a monitored/recorded security camera
- If regularly left open, secured from the inside with a locked gate
- Well lit from the outside at night
- All exterior windows (esp. on first floor) alarmed and protected with locks/mesh.
- Roof access (doors, skylights) securely locked from the inside and alarmed.
- Basement doors / man-sized ducts are securely locked from the inside and alarmed.
Each Work Area
- Visitors are controlled through a combination of visitor badges, visitor logs, and constant escort. Visitors cannot access work areas without these measures.
- Employees are trained to greet any unknown visitors
- Computers are marked with clear asset tags and/or engravings
- Computers provide information before login about who to contact if lost or stolen
- Computers are physically locked to work areas
- Computers are not visible from first floor windows and monitors are turned off overnight (to suppress monitor glow)
- Computers are plugged into surge protection devices
- Sensitive paper records are either kept in locked file cabinets or are shredded
- Areas with key paper records are protected by fire detection and sprinkler systems
- Cleaning staff always work in groups of two
- Each work area has fire extinguishers which are periodically inspected/tested
- Fire alarm systems are tested periodically through live drills
- Building is equipped with multiple staircases, fire stairwells and/or fire escapes
- Any areas with drop ceilings prevent access to sensitive areas (e.g., wire mesh)
- Sensitive areas don’t allow access (e.g., air ducts, drop ceilings) from public areas
- Emergency lighting exists in the event of a power outage
- Floors are clear of wiring, or wiring is permanently attached to floor
- Outlets are not overloaded with cords
- The key controls listed in this checklist are explained in employee training and policy
Each Computer Room
- No window to the outside (unless required for fire laws)
- No more than two doors, all fireproof, all of which close securely and are not in need of repair
- Doors are controlled by automatic authentication, with a limited number of people who have access.
- Door hinge pins are concealed or welded to prevent removal from outside.
- Doors have signage indicating restricted access, food/drink/smoking not allowed
- Room has access to redundant power, network, and cooling
- The temperature is kept between 55-75% and humidity is between 20-80% and is automatically monitored
- Protected by total flooding agent (e.g., halon) sprinkler system (NOT wet sprinkler system)
- Room has sufficient fire extinguishers
- Room has emergency power off switches
- Systems are protected by UPS and/or generator for no less than 24 hours.
- Contract is in place for a week’s worth of fuel on demand.
- Emergency power is regularly tested.
- Cleaning staff are never left unattended in room.
- Room is alarmed after hours.
- Computer room is not located under any plumbing or rooms with water.
- Smoke and heat alarms are installed inside and directly outside computer room.
- Computer room has manual fire alarms.
- Emergency lighting exists in the event of a power outage
- Servers are physically locked within the computer room.
- Computers are marked with clear asset tags and/or engraving