Perimeter Security & Risk Assessment
The aim of securing premises, in principle, is based on being able to prevent losses, while not hindering day-to-day business. This is to be achieved within a budget that, according to the accountants, should be as low as possible, because it does not “contribute” to the business and simply removes profit from the bottom-line figure. However, this does not bear any resemblance to the real world. Security, whether physical measures or manpower, is not cheap, so the answer is to ensure that it is kept proportionate to the related risk.
A risk assessment should be undertaken as this will help quantify what is required to help the business operate in a normal manner. While good security may not visibly contribute to the profitability of a business, the losses and disruption of inadequate security will have cost implications if it disrupts or stops the business operations. Security risk assessments should focus on all threats to the business. A common risk for any business is theft and criminal damage, including arson. However, depending on the nature of the business, there can be other threats, including business espionage, sabotage, activists.
When conducting a security risk assessment, the recommended model is often referred to as the ABC model ― Area, Boundary and Contents.
Area
Take a look at the surroundings of the site. Considerations include the neighbourhood. Are other businesses in the area better protected, making your site an easier target? Is it a residential area and, if so, is it a deprived area, which may mean more opportunist thieves? What is the accessibility of the area? Proximity to motorway networks may be beneficial for deliveries to and from your business, but they also provide fast escape routes and can also entice thieves.
Boundaries (larger sites, usually multiple buildings)
Examine the physical perimeter of the site, taking into consideration what is on the exterior side of the perimeter and whether this would hinder or assist a would-be intruder. Where the adjoining land belongs to another premises, either business or residential, consider how easy it would be to access their land in addition to your site’s perimeter. Where there is vegetation adjacent to the boundary, the type is important to your assessment: thick bushes and trees can provide cover for an intruder; thick bramble-type bushes would be a deterrent. It is also important to consider how the vegetation differs through the seasons.
Where the boundary is adjacent to public highways or open land, consideration should be given to whether there is the ability to park a vehicle immediately next to the perimeter, where the vehicle can be used for assistance in climbing over, as well as reducing the distance required to carry stolen goods and allowing a quick escape. Bollards or similar obstructions can be considered, either to prevent parking adjacent to a perimeter, or where there is a risk of a vehicle ramming into the wall/fence in order to breach it. When recording details of perimeter walls and fences, check the height, taking into consideration any unevenness of the ground, with the effective height being measured at the point where there is the shortest distance between the ground and the top of the barrier. Look out for overhanging tree branches, decorative brickwork, and anything fastened to the wall/fence protruding through it or adjacent to it that could be used as a foot hold, e.g. piled-up pallets.
You should also look for unprotected dips in the ground, which could allow access under a fence. Any climbing deterrents should also be recorded, e.g. razor wire, electric fences,rotating spikes, anti-climb paint. The assessment should also record any security monitoring devices, e.g. fence-mounted sensors, underground movement sensors, infra-red beams, microwave beams, passive infra-red sensors.
Boundaries (individual buildings)
It is important to examine the perimeter security of individual buildings. For some small sites, the perimeter of the building may also be the boundary of the area to be secured, e.g. an office block in a city centre, or the building may be surrounded by a piece of land that cannot practically be secured. Irrespective of this, the physical security of the building should be assessed with consideration given to how secure doors and windows are, in addition to climbing aids, which can allow access to upper-level windows or roofs.
The risk associated with any opening, irrespective of size, should be considered ― while small openings, such as letter boxes and ventilation grills, may be too small for a person to enter, they can be used to hook a handle to open a window or door, or be used in order to damage property, i.e. arson. The surrounding area should be examined for items that could be used as climbing aids, especially the storage of any ladders on site. Internal security measures, e.g. intruder alarms, safes, etc should be considered as part of your risk assessment.
The human factor should also be considered: loss of keys or access cards; and employees and visitors using fire exits, such as somebody briefly exiting a building in order to smoke, and either allowing somebody to enter while they are outside, or not securing the door when they re-enter the building.
The types of questions you should be considering include the following:
- Is it in good condition?
- Is it adequate?
- Is there enough lighting?
- Is it clear of scaling aids?
- Is it legal?
- What do they look on to?
- What looks on to it?
- What about CCTV?
- What about doors and locks?
- How many do we have?
In addition to physical boundaries, this is also a suitable time to consider other deterrents, whether purpose-designed security measures or coincidental factors. The most obvious deterrent would be an on-site security presence. This could be patrolling security personnel, including security dog handlers, or it could be active monitoring using CCTV and/or any of the previously mentioned detection methods. Coincidental factors would be any on-site operations that, while not taking place for the specific purpose of securing the site, increases the risk to a would-be intruder and hence has a deterrent factor. A typical example of this would be where a site operates round the clock. When taking such factors into consideration, you would have to establish whether these factors were continuous, e.g. seven days per week and any seasonal breaks.
Contents
For this part of the assessment, you should be considering the value of items, both in terms of financial value and the cost and impact to business operations of a loss. For example, a high-specification laptop stolen from an office, with all data stored on a central server, could be replaced within hours (or sooner if a spare was available) with minimal inconvenience to the business, and the only cost being that of a replacement laptop. As an alternative, the theft of a computer, which controls a production line and may have bespoke interface, may only have a nominal value to the actual hardware, however the impact on production could cost a company tens of thousands of pounds. In these scenarios, mitigating factors such as insurance and/or business continuity arrangements can be factored in.
When assessing equipment, materials and end products, consideration should be given to portability, value and ability to sell on, e.g. if you use products that are small, expensive and can be sold easily “in the pub”, then you have a higher risk of theft. Where there is a large market for items, which can be removed easily from the premises, this is likely to lead to recurrent break-ins. Just because items are larger and more difficult to transport, it does not mean there is a reduced likelihood of a break-in. If the financial reward is available, the criminal will work out a method of removing goods.
During any risk assessment, it is useful to speak to employees and contractors on site. They can often highlight known problems, of which management may not necessarily be aware. They may highlight weak points in the perimeter protection that are not immediately obvious, and may also be able to give information about previous intrusions and thefts. Discussions about deliveries and stock levels might also highlight abnormal occasions where an informed criminal would have the opportunity for higher gains. Such discussions should take place with an element of caution, with the person conducting the risk assessment being careful to extract as much information as possible, without themselves highlighting opportunities, which may then be used against the company.
Having established the data, the risk assessment can then be produced, accounting for the probability of someone attempting to gain access to the site, the likelihood that they will manage to get on site, and an assessment of potential company losses, both direct and indirect. This will help decide whether current security protection is satisfactory or whether additional measures are desirable, with this based on a cost benefit analysis.
Where you wish to make recommendations for improving the security of the site following the risk assessment, you may find it useful to read the British Standards covering security hardware, e.g. fences, locks, CCTV and intruder alarm equipment. You should also consider whether any alterations to boundary walls and fences would be restricted by local authority planning regulations.