Physical Security Audit Checklist

A physical security audit is essential for assessing the effectiveness of security measures in protecting a facility, its assets, and its occupants. Regular audits help identify vulnerabilities and ensure compliance with security policies. Below is a comprehensive checklist you can use for a physical security audit with eAuditor.

Physical Security Audit Checklist

**1. Preparation:

• Gather Tools:
  • Ensure you have the necessary tools, including a flashlight, camera, notepad, and any access keys or codes required.
• Review Security Policies:
  • Familiarize yourself with the facility’s security policies and procedures before beginning the audit.
• Notify Relevant Personnel:
  • Inform relevant personnel about the audit and ensure you have access to all areas that need inspection.

**2. Perimeter Security:

• Fencing and Barriers:
  • Inspect perimeter fencing for any damage, gaps, or signs of tampering.
  • Ensure that barriers, such as bollards or walls, are intact and effectively prevent unauthorized access.
• Gates and Access Points:
  • Check that all gates are secure, functional, and equipped with proper locks or access control systems.
  • Test automatic gates to ensure they operate correctly and close securely.
• Lighting:
  • Verify that perimeter lighting is sufficient to deter intruders and is functioning properly.
  • Ensure that motion-activated lights are working and cover all vulnerable areas.
• Signage:
  • Check for clear and visible signage indicating restricted areas, security policies, and emergency contact information.

**3. Entry and Exit Points:

• Main Entrances:
  • Inspect main entrances for secure locks, access control systems, and functioning intercoms or cameras.
  • Ensure that entry points are monitored by security personnel or surveillance cameras.
• Secondary Entrances:
  • Check secondary entrances for proper locking mechanisms and ensure they are not being used for unauthorized access.
  • Verify that emergency exits are secure but easily accessible in case of an emergency.
• Visitor Management:
  • Review the visitor management process to ensure all visitors are properly documented, and visitor badges are issued.
  • Verify that visitors are escorted in secure areas and that their access is restricted as necessary.
• Access Control Systems:
  • Test access control systems (e.g., keycards, biometric scanners) to ensure they function correctly and that access logs are maintained.
  • Review access permissions to ensure they are up to date and reflect the current roles and responsibilities of employees.

**4. Surveillance Systems:

• CCTV Cameras:
  • Inspect all CCTV cameras to ensure they are functional, properly positioned, and provide clear coverage of key areas.
  • Verify that cameras are recording footage and that footage is stored securely for the required retention period.
• Monitoring Stations:
  • Check that security monitoring stations are manned by trained personnel and that live feeds are actively monitored.
  • Ensure that monitors, DVRs, and other recording equipment are functioning correctly.
• Blind Spots:
  • Identify and document any blind spots not covered by CCTV cameras and assess whether additional cameras are needed.
• Camera Maintenance:
  • Ensure that all cameras are clean, free from obstructions, and regularly maintained to prevent malfunctions.

**5. Interior Security:

• Doors and Windows:
  • Inspect all doors and windows to ensure they are secure, with functioning locks and no signs of tampering.
  • Verify that windows in sensitive areas are reinforced or equipped with security film to prevent break-ins.
• Sensitive Areas:
  • Check access to sensitive areas (e.g., server rooms, document storage) to ensure they are properly secured and restricted to authorized personnel.
  • Review the security measures in place for sensitive areas, such as alarms, surveillance, and access control.
• Alarm Systems:
  • Test alarm systems to ensure they function correctly and that alerts are promptly responded to by security personnel.
  • Verify that panic buttons and duress alarms are accessible and in good working order.

**6. Employee Security Awareness:

• Security Training:
  • Review records to ensure all employees have received adequate security training and are aware of the facility’s security policies.
  • Assess employee awareness of procedures for reporting suspicious activity or security breaches.
• Badge and ID Checks:
  • Verify that employees are wearing their ID badges at all times and that badges are up to date and properly issued.
  • Check that temporary or contractor badges are monitored and collected after use.
• Tailgating Prevention:
  • Observe entry points to ensure that tailgating (unauthorized entry by following an authorized person) is being prevented.
  • Assess the effectiveness of physical barriers or access control measures in preventing tailgating.

**7. Emergency Preparedness:

• Emergency Exits:
  • Inspect emergency exits to ensure they are clearly marked, unobstructed, and accessible.
  • Test exit alarms and emergency lighting to ensure they function correctly.
• Evacuation Plans:
  • Review evacuation plans to ensure they are up to date and posted in visible locations throughout the facility.
  • Check that all employees are familiar with evacuation routes and procedures.
• Emergency Drills:
  • Verify that regular emergency drills are conducted, and assess the effectiveness of these drills in preparing staff for emergencies.
• First Aid and Safety Equipment:
  • Inspect first aid kits, AEDs (Automated External Defibrillators), and fire extinguishers to ensure they are accessible, fully stocked, and functional.

**8. Document and Asset Security:

• Document Storage:
  • Check that sensitive documents are stored securely, such as in locked cabinets or safes, and that access is restricted to authorized personnel.
  • Review document disposal procedures to ensure sensitive information is shredded or destroyed before disposal.
• Asset Inventory:
  • Verify that an up-to-date inventory of all valuable assets is maintained and that assets are securely stored when not in use.
  • Inspect asset tracking systems, such as RFID tags or barcodes, to ensure they are functioning correctly.
• Data Security:
  • Review the security of electronic data storage, including encryption, access controls, and backups.
  • Ensure that physical access to servers, computers, and other electronic devices is restricted to authorized personnel.

**9. Vendor and Contractor Security:

• Vendor Access:
  • Review procedures for granting access to vendors and contractors, ensuring they are properly vetted and escorted when in secure areas.
  • Check that vendor and contractor access is limited to the areas necessary for their work and that access is promptly revoked when no longer needed.
• Background Checks:
  • Verify that background checks are conducted for all vendors and contractors who will have access to sensitive areas or information.
• Security Agreements:
  • Ensure that vendors and contractors have signed security agreements outlining their responsibilities and the security measures they must follow.

**10. Final Checks and Documentation:

• Overall Security Assessment:
  • Conduct a final review of the overall security posture, noting any vulnerabilities or areas for improvement.
  • Address any immediate security concerns or breaches identified during the audit.
• Documentation:
  • Use eAuditor to document all audit findings, including any issues, recommended actions, and follow-up tasks.
  • Take photos of any security breaches, damaged equipment, or areas of concern for reference.
• Generate Report:
  • Create a comprehensive report summarizing the audit findings, including any vulnerabilities, corrective actions, and timelines for implementation.
  • Share the report with relevant stakeholders for review and action.

Using eAuditor for Physical Security Audit:

• Create Digital Checklists: Input the above Physical Security Audit checklist into eAuditor to streamline the audit process.
• Real-Time Data Entry: Auditors can use eAuditor on their mobile devices to complete the Physical Security Audit checklist, record findings, take photos, and add notes.
• Track Issues: Use eAuditor to document any security vulnerabilities or issues found during the Physical Security Audit and assign action items for resolution.
• Generate Reports: After the audit, generate a detailed report summarizing the findings, including any vulnerabilities and recommended corrective actions.
• Review and Improve: Share the report with relevant stakeholders for review and use the insights to continuously improve the facility’s physical security measures.

This checklist will help ensure that all aspects of physical security are thoroughly audited, vulnerabilities are identified, and necessary improvements are made to protect the facility and its assets.