A physical security checklist is a tool used to assess the vulnerability a facility has to certain threats. And while it can be useful, many times companies rely too heavily on it as an accurate portrayal of the full security situation. Two of our Pinkertons, Jason Porter, Vice President, Central USA Region, and James McClain, Vice President, West Coast USA and LATAM, warn that basing your physical security strategy on the checklist results could lead to a false sense of security.
“A full security assessment looks at three main areas, ” says Porter. “They are overall threat, vulnerability and potential business impact. The result is a holistic view of a company or facility’s security risks. A physical security checklist can be a useful tool as part of this assessment and in developing a facility risk management plan, but should not be the only one used.”
A checklist only takes into account 1/3 of the assessment equation: vulnerability. It can be used to find deficiencies in the security operation and physical elements that could be exposing the company to risks. However, Porter explains how it can miss some relatively obvious risk elements.
“A checklist won’t take into account crime statistics, for example. So, a company could run through its checklist and see that everything checks out. However, they won’t take into account outside crime elements that could target a facility. The likelihood of that occurring is addressed in a full assessment, not a checklist.”
“Take, for example, cameras, ” says McClain. “The checklist will ask if cameras are installed and operational. The box is checked ‘yes” and for many companies, that’s it. But, we would ask a lot more questions such as, “how are the cameras positioned? How long is the time period before recorded video is overwritten? Who is viewing the video and what training have they had to spot issues?” Answers to these questions, and many others, will give a much more holistic view of the security situation.”
Imagine this scenario: you are hired as a facility manager for an existing warehouse operation. You are given a physical security checklist to use to determine how secure the facility is. You run through it and the result is that it seems your facility checks out well. Everything is good, right? Not according to McClain.
“My first question would be, who developed the checklist? Many times we’ve seen that they are developed by someone who had a vested interest in the checklist returning positive results so that their job is secure. Another common occurrence is that the checklist is quite dated and hasn’t been updated to take into account new security risks.”
“As we always say, ‘the top risks of today didn’t exist two years ago, and the top risks two years from now don’t exist today.’ If a checklist is that old, or older, it’s not going to give you an accurate overall picture of what’s going on. A false sense of security is a dangerous outcome.”
Physical security checklists can be found all over the Internet and many times, people will adapt them to their own facilities. The issue is that the original list may not be comprehensive enough or not based on real security industry expertise. “The biggest issues with a checklist you’ve found on the internet is reliability, ” says Porter. “It’s likely you won’t know who created it and how long ago. Do they have a professional security background? I caution anyone considering using a checklist found on the internet to be very wary.”
Perhaps the biggest issue with using a physical security checklist is that many times, too much is based on the results.
“We’ve seen companies base their whole security strategy for a facility based mostly on what was discovered with the checklist, ” says McClain. “This is quite the reverse of what we do. Everything starts with a security strategy development and a checklist is just one of many tools used to implement that strategy.”
Pinkerton’s stages of developing an organization’s security strategy starts with an assessment that provides a holistic view of the security situation. The planning stages take into account business goals, performance indicators, business climate, unique regional security threats, past events, personnel and many other factors.
“We will use a checklist but only as a way to get a snapshot of the security situation, ” says Porter. “It will reveal physical areas of vulnerability that should be addressed and that is a help. But for ongoing security, a more thorough plan has to be developed that will help prevent issues for the future.”
McClain compares the use of a physical security checklist to that of a carpenter using a hammer. “He will use a hammer for a very specific task…hammering nails. But just knowing how to use a hammer doesn’t mean you can build a building; you have to have plans along with knowledge of other systems and how they work together.”
Learn more about Pinkerton’s Security Risk Assessment Services.