A layered approach to physical security

Wednesday August 28, 2013 at 10:00am
The focus of many of our previous blogs has been on the threats the cyber world poses to the information held by companies and organisations (see Cyber attacks blogs). In this blog we discuss the physical threats to the security of the data you hold and suggest some methods of control.

Where do the physical threats to your data security come from?

Threats to physical security come in many forms: natural disasters, emergency situations and man-made threats. To implement appropriate and effective controls, all possible threats must first be identified.

Some common threats include:

Fire: Threats from fire can be devastating. Smoke, vapour, toxic fumes and building collapse are other hazards associated with fire, and all need to be considered. Fire needs three elements to burn: heat, oxygen and fuel. This is often referred to as the fire triangle. Fires are stopped by removing one of these elements or by breaking up the chemical reaction between them.

Water: Damage from water can come from various sources such as burst water pipes, flooding and significant weather phenomena.

Electricity: Sensitive equipment can be damaged by electric hazards/anomalies, including: ESD (Electrostatic discharge), electric noise, lightning strikes and magnetic fields.

Theft, terrorism, war, sabotage & vandalism: External and internal threats must be considered. A heightened security level is normal during certain situations.

Equipment failure: Any equipment can fail, especially if the equipment contains mechanical parts.

Loss of communications and utilities: Loss of services such as data, voice and air conditioning can occur from any of the above threats and, of course, from human error.

Personnel loss: Can happen due to illness, injury, death, transfers, labour disputes, resignations and terminations.

Physical and Environmental Controls

Controls to mitigate these threats fall under the following headings:

Administrative

Visitor policies/escort requirements
Restricted areas
Audit logs
Asset classification
Emergency procedures
Pre/post employment checks

Physical

Access control/door entry
Fencing/gates
Mantraps
Security guards
Locks

Technical

CCTV
Intruder alarm systems

Environmental and life saving

Electric power controls
Heating, ventilation and air conditioning (HVAC)
Fire detection and suppression

If your organisation hasn’t considered all of the potential physical threats posed, it’s unlikely you will have the necessary controls in place. Our free ISO27001 Benchmark survey includes a review of your physical and environmental controls, so that’s one way you can confirm whether you are fully protected.

Marcus Allen
Parker Management Consultants
