Physical Site Security Consultancy
Many companies spend considerable resource on physical site security for their manufacturing facilities and office locations to reduce the risk of malicious attack, theft and to protect their staff. However, many companies never test their systems to ensure they are effective.
Similarly, significant time, money and effort is spent developing policies and procedures to ensure the manufacture of safe, quality products; all this is rendered useless if criminals, terrorists, activists or “fixated individuals” can gain access and contaminate or steal your products due to ineffective security measures; posing safety threats to your staff at the same time.
Physical security vulnerabilities can expose your company, your customers, your staff, products and service delivery capability to unacceptable levels of risk. Our security specialists will challenge your security vulnerabilities and ensure gaps are plugged prior to a real attack through a variety of services as outlined below.
Carry out surveillance of the site, monitor shift changes, deliveries and report on gaps in security capability. Some intelligence may also be gained via social engineering e.g. “chatting” to drivers, security personnel informally. This is carried out external to the site. A full report with recommendations will be provided following the reconnaissance. Note this may be “stand alone” or carried out as part of a Site Penetration exercise (below).
This service follows the reconnaissance, whereby the RQA security specialists now challenge the physical site security and attempt to gain access to agreed areas of the facility and achieve pre-defined assignment objectives; see below:
- Assignment objectives: Agreement with the client regarding parameters, aims and objectives. Typical objectives include:
- Gain access to board room or server room
- Gain access to building roof
- Gain access to staff restaurant
- Gain access to trading floor
- Plant “dummy device”
- Gain access to production line or chemical store (e.g. manufacturing sites)
- Gain access to restricted areas or back of house (including corporate events where commercially sensitive material is discussed)
- Pre-Deployment: Web-based research into the company, the site and its surrounding area will be carried out.
- Surveillance: The team (usually 2 or 3 people) will proceed to site and carry out external surveillance of entry/exit activity, shift changes, perimeter, access control etc. Identify gaps in physical security and opportunities for security breach. Surveillance is usually split across shift changes.
- Penetration: The team will attempt to enter the site by exploiting gaps identified in the surveillance phase. Operatives will be compliant and carry agreed proof of identity in case of detection. Other members of the team will remain external to the site for support and back-up.
- Reporting: Following the penetration, a report will be prepared that will identify security gaps in relation to prevention of unwanted breach. Other security-related risks may also be identified with recommendations highlighted in order of priority. Where requested / possible photographs will be included in the report.
NOTE: This service will be agreed in advance with a senior manager at the client and the RQA security specialists will always carry a letter from a senior manager explaining their reason for being on site and providing contact details for the senior manager.
Physical security assessment
A RQA security specialist will carry out an assessment of the physical security resilience of the site. This is a one-day assessment of all areas of physical security. This is not just about fences and lights, but more about the overall envelope of security capability that will improve the resilience of the site to unwanted penetration. A full report with recommendations will be provided following the assessment. Our specialists can offer any advice you may need to improve that resilience.
Security-based simulation exercise
RQA carries out many simulation exercises relating to crisis, BCP, product recall. These are the closest experience to reality without experiencing the real thing. In this case, we will design a scenario where your security has been breached and this has resulted in theft, tampering or terrorist event. Whilst the incident is restricted to your crisis team, they will need to manage the incident as though it were real. A full report with recommendations will be provided following the assessment.
Food defence assessment
This service is specifically designed for our food and beverage clients and addresses the food defence and TACCP capabilities. It includes the physical security, but also identifies gaps in the food defence management systems and considers anti-tamper, safe production lines etc. A full report with recommendations will be provided following the assessment. This will normally be carried out by a principal consultant with extensive experience in food manufacture and food defence systems.
Our security specialists are former senior police officers with extensive experience in advising businesses, hospitals, national infrastructure, governments, and organisers of large-scale public and corporate events.
RQA’s team of highly experienced security specialists will advise you on all elements of your physical security resilience.