Your 7-Step Building Security Risk Assessment Guide

7.13.23 – SSI – Mike James 

It’s in your best interest to highlight security vulnerabilities and problem areas as openly and transparently as possible.

As a professional security systems integrator, the building owners and site managers you have close relationships with will often rely on you for expertise, advice and recommendations.

According to Abdalsam’s research, 75% of businesses consider physical security a top priority, while 60% of companies have experienced a security breach in the last five years, the average cost of which is estimated to be $100,000.

As it pertains to a building’s safety and security, it’s in your best interests to highlight vulnerabilities and problem areas as openly and transparently as possible, to ensure that all occupants and passersby are free from danger. It’s one thing to consider domestic security and disruption, but commercial premises safety requires a different approach.

As you likely well know, conducting a comprehensive security assessment is imperative to ensure that all of a building’s possible weak spots and entry points are addressed.

Conducting a Building Security Risk Assessment

Following the submission of a risk assessment report, site managers and building owners can develop the right strategies to mitigate risks. 

Ultimately, it may not be your responsibility to implement large-scale security recommendations other than that of your deployed equipment and integrated software. However, if you are able to educate building and site owners on how they can conduct a complete and conclusive security risk assessment, highlighting the processes and starting points, you will be going above and beyond to ensure optimum protection across the estate. 

Even if it’s out of your remit, consider educating your contacts about the benefits of conducting such an assessment, what the process entails and how they can get started by getting an audit done promptly and properly.

Why Conduct a Security Risk Assessment?

• Enhanced Security Preparedness

By conducting a security risk assessment, building owners can gain a deeper understanding of the potential physical security threats their property faces. This knowledge enables them to develop a proactive security strategy, enhancing preparedness and response capabilities, which is particularly valuable when the building is empty and physical safeguarding measures like secure fencing or barriers have not been considered.

• Identification of Vulnerabilities

A risk assessment helps identify weaknesses in a building’s security infrastructure, such as outdated technology, inadequate access control, blind spots, fire hazards, cramped spaces, lack of airflow or poor lighting. Identifying vulnerabilities allows for targeted improvements and reduces the risk of security breaches. 

While many of the hazards located inside and outside the premises may be obvious, such as working with machinery or chemicals, other risks may be less visible, which may prompt building owners to conduct an occupant or resident survey to ensure the assessment is thorough. 

• Legal and Regulatory Compliance

Building owners have a responsibility to comply with applicable security regulations and standards. Some compliance standards enforce physical security risks assessments, so if your organization operates under standards like ISO 27001, HIPAA, PCI DSS, or others, you will need to consult the services of a risk assessor that can conduct an assessment to confirm your legal, and regulatory and industry best practices. 

Ensuring that you understand the guidelines for information management, secure handling of sensitive data and ethical transmission of payments, you will be making a solid start in maintaining top-tier physical security. 

• Safeguarding People and Assets

A thorough risk assessment helps protect not only the physical property but also the people inside it. A site owner should not want to wait for a major threat to take place that endangers the building’s inhabitants, and ignoring such safety procedures would be a looming financial and reputational disaster, not to mention a decrease in client trust.

By addressing vulnerabilities and implementing appropriate security measures, building owners can create a safe environment for occupants and safeguard valuable assets. The recommendations can be made on a micro and macro level, providing site owners with affirmative data and information to make better strategic decisions on how to run their facilities.

The Security Risk Assessment Process

1. Establish objectives: Clearly define the objectives of the security risk assessment. What aspects of security do you want to evaluate? Are there specific areas of concern? Defining clear objectives will help steer the assessment process in the right direction.
2. Gather information: Collect relevant data about the building, its occupants, and incumbent security measures. This may include floor plans, incident reports, security system specifications, and access control records. A thorough understanding of the building’s layout and existing security infrastructure is essential to help identify how in-depth the assessment should be conducted.
3. Identify threats: Identify potential threats and hazards that may impact the building’s physical security, such as criminal trespassing, technological vulnerabilities and weather damage.
4. Assess vulnerabilities: Evaluate the vulnerabilities and information you have collated and assess their severity by importance. Look for areas where improvements can be made to improve the individual components as well as enhance the overall security of the structure.
5. Determine risks: Analyze the likelihood and potential impact of identified threats on the building’s security. This step helps prioritize risks and allocate resources effectively. Consider the probability of occurrence and the severity of potential consequences.
6. Develop mitigation strategies: Based on the identified risks, develop a comprehensive plan to mitigate security threats. This may include implementing enhanced building surveillance systems, patching technology, bolstering training programs, or revising emergency response protocols.
7. Implement and monitor: Put the mitigation strategies into action and continuously monitor their effectiveness. Regularly review and update security measures to adapt to changing threats and technological advancements.

Getting Started with a Security Risk Assessment

1. Consider involving third-party consultants or experts with experience in conducting professional physical security risk assessments. Their expertise can provide valuable insights and ensure a thorough evaluation of your building’s security, and consider aspects that you may have not considered.
2. Assemble a team that includes key stakeholders, such as building management, security personnel, and relevant department representatives. Collaboration and diverse perspectives will combine to create a more comprehensive assessment. This will also ensure that audits and reviews are conducted more regularly.
3. Establish a realistic budget and timeline for the security risk assessment and remediation process. Adequate resources and a clear timeframe will help ensure a thorough evaluation without unnecessary delays, and allow you to forecast sufficient cash flow and revenue to justify the expenditure.
4. Conduct periodic reviews of the security risk assessment findings and update them as needed. Risks and vulnerabilities may change over time, so regular reviews are essential to maintain effective security measures. Whether your building tenants and occupants change following the expiry of a lease, or whether you commission an extension or renovation, you will benefit by having a fresh perspective on your risk procedures.
5. Act upon the recommendations resulting from the security risk assessments. Don’t just conduct the assessments and let that be the end of the process. Allocate sufficient resources and prioritize the implementation of actionable and preventative measures based on their urgency and potential impact. Anticipating what might be needed ahead of time is vital for ensuring complete safety across the building.

Remember, a security risk assessment is an ongoing process. Building owners should periodically reassess their security measures to adapt to evolving threats and maintain a robust security posture.