Model Safety Program
DATE: _____________
SUBJECT: Physical Security Plan
REGULATORY STANDARD: General Duty Clause (further detail Federal, State, and Local
Requirements.)
.
RESPONSIBILITY: The company Security Officer is _________________. He/she is solely
responsible for all facets of this program and has full authority to make necessary decisions to
ensure success of the program. The Security Officer is the sole person authorized to amend these
instructions and is authorized to halt any operation of the company where there is danger of
security breach.
Contents of the Physical Security Plan
1. Written Program.
2. Program Requirements.
3. Program Components.
4. Physical Security Committee.
5. Security Inspections and Surveys.
6. Security Risk Assessments.
7. Vulnerable Security Areas Listing.
8. Restricted Areas.
9. Security Measures.
10. General Access to Premises.
11. Policy for Passes and Badges.
12. Confiscating Passes and Badges.
13. Access by Local Law Enforcement
Agencies.
14. Keys and Lock Controls (K&LC).
15. Personnel Monitoring.
16. Company Guard Program.
17. Individual Reliability Program for
Guards.
18. Guardpost Orders.
19. Guardpost Evaluations.
(YOUR COMPANY) Physical Security Plan
1. Written Program. (YOUR COMPANY) will review and evaluate this plan under the
following conditions:
(1)
(2)
(3)
(4)
(5)
(6)
(7)
On an annual basis.
When changes occur to applicable regulations.
When changes occur to local directives.
When facility operational changes occur.
When the plan fails.
_____________________________
_____________________________
Effective implementation of this program requires support from all levels of management
within this company. This plan will be communicated to all personnel that are affected
by it. It encompasses the total workplace, regardless of number of workers employed or
the number of work shifts. It is designed to establish clear goals and objectives.
2. Program Requirements. Each level of management has specific responsibilities that
allow the program to function effectively. The proper operation of this plan is an
integrated process made up of the following components.
(1) Assessing the threat.
(2) Assigning specific physical-security duties.
(3) Conducting security planning.
(4) Conducting risk analysis.
(5) Identifying vulnerable areas.
(6) Designating restricted areas.
(7) Coordinating security efforts.
(8) Establishing physical-security councils.
(9) Employing physical- and procedural-security measures.
(10) Conducting inspections and surveys.
3. Program Components.
3.1 Employee responsibilities. Physical security is everyone’s responsibility. An
effective physical-security program uses an approach that is methodical, deliberate,
and ongoing at each management level. Employees at all levels will establish
programs that include the components prescribed by this plan. Supervisors will
periodically review and be prepared to adjust their programs to the changing threat.
3.2. Assessing the threat. Threat assessments must be developed and updated as
necessary.
3.3. Duty assignments. Physical security officers will be designated accordingly.
This company will designate individuals to serve on a working group, to establish the
physical-security committee.
3.4 Key and lock control. Key and lock control (K&LC) will be a designated duty in
every department. K&LC custodians will be appointed in writing to control keys to
sensitive areas and high cost assets.
3.5 Security planning. The physical-security plan will tie security measures together.
The plan will integrate security efforts by assigning responsibilities, establishing
procedures, and ensuring subordinate plans complement each other. The physicalsecurity plan must have reasonable and affordable protective measures. Reliance on
security guards should be a measure of last resort, with alternatives considered when
possible. Associated costs should be in proportion to the value or criticality of the
property being protected and the existing level of risk.
3.6. Risk analysis. Risk analyses are critical to security planning. Risk analyses are
used to adapt physical protective measures and security procedures to local
conditions. Risk analyses must be performed on vulnerable areas. Risk analyses will
be considered when scheduling follow-on inspections and surveys. Analyses will be
kept on file until the next risk analysis is conducted.
3.7 Vulnerable area listing. The vulnerable area list helps managers concentrate
protection on the most important assets and prioritize the physical-security effort.
The vulnerable areas list will include only areas and activities that have been
determined to be essential to the operation or highly vulnerable based on a total
assessment of the specific operation, environment, value and threat. To develop a
vulnerable areas list, we will begin by identifying assets that are critical or subject to
a particular threat, based on known or expected conditions.
3.8 Restricted areas. This company will safeguard assets by declaring high threat
areas as restricted, thereby limiting access to that area. Access to restricted areas will
be strictly controlled and notices will be posted in plain sight. Violations of restricted
areas will be brought to the attention of the security officer.
3.9 Plan coordination. This plan will be coordinated with appropriate physicalsecurity plans with adjacent facilities when possible. Mutual support agreements will
also be established with companies having security interests in the local area.
4. Physical Security Committee.
4.1 Charter for the (YOUR COMPANY) Security Committee. This security
committee will encourage security awareness among all employees. It will be
established to monitor physical security, security performance, security inspections,
and aid the security officer in administering the company security program. The
Committee is charged to:
 Reduce the security threat to employees and physical assets.
 Constantly be aware of conditions in work areas that can produce security
violations.
 Aid the company in complying with all laws pertaining to security.
 Ensure that no employee is required to work at a job that is not safe or healthful.
 Place the security and health of each Employee in a position of primary
importance.
 Aid management in providing all mechanical and physical facilities required for
security in keeping with the highest standards.
 Maintain a security program conforming to the best management practices of
organizations of this type.
 Review intrusion detection system (IDS) failures, including; causes, downtime,
and repair problems.
 Review security modernization plans, status of proposed construction, and
integration of security requirements.
 Review crime trends and conditions conducive to crime.
 Review threat assessments and facility inspections.
 Establish a program that instills the proper attitudes toward security not only on
the part of employees, but also between each employee and his or her coworkers.
 Ultimately achieve a security program maintained in the best interest of all
concerned.
4.2 Security Committee Composition.
4.2.1 Composition. The company security committee will be comprised of ( )
Employees of (YOUR COMPANY). The make up of the committee will
consist of the following:
Security Committee
Title
Chairman
Vice Chairman
Member
Member
Member
Member
Member
Member
Member
Member
Member
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
________________________________
4.3 Principal Responsibilities. The principal responsibilities of the company security
committee will be as follows:

Assemble on a(n) ______ basis to conduct security meetings.

Conduct and oversee departmental security inspections.

Review security violations and discuss corrective actions.

Direct and monitor departmental training and security meetings.

Discuss and report on unfinished business from previous meetings.

Discuss new business.

Discuss old business.

Maintain appropriate records of activities.
4.4 The Security Officer will be present to make notations of the meeting and offer
advice. He/she will track open security items to conclusion. He/she will also act as
chairman in the absence of the designated chairman or vice chairman.
4.5 Meeting Ground Rules. Company Security Committee meetings will be
conducted in such a manner as to foster a productive work environment. The
principal goal being to determine solutions to security issues affecting our company.
The following ground rules apply.
4.5.1 A minute taker will be selected to serve on a rotating basis from assigned
committee members.
4.5.2 Distribution of Minutes. Minutes will be distributed within ( ) working
days to the following:
4.5.2.1 __________________________
4.5.2.2 __________________________
4.5.2.3 __________________________
4.5.2.4 __________________________
4.5.2.5 __________________________
4.5.2.6 __________________________
4.6 Discussion time limits. In order to establish and maintain a productive course of
action on individual security issues, discussion time limits will be established and
adhered to. Discussion time limits on each security topic will be typically kept to a (
) minute time limit per security issue.
4.7 Subcommittee actions. Where an issue cannot be resolved in a reasonable
amount of time, a subcommittee (composed of at least two people) will be selected
and the issue turned over to the subcommittee for investigation and development of
recommendations. Subcommittee actions will be classified as “old business” and
integrated into the next Security Committee Meeting as appropriate.
4.8 Facility security committee representatives. Company security committee
representatives will be designated in each department. The following positions will
be designated as the security committee representative at each facility:
FACILITY SECURITY COMMITTEE REPRESENTATIVES
TITLE
NAME
LOCATION
____________________
____________________
____________________
____________________
____________________
____________________
______________
______________
______________
______________
______________
______________
______________________
______________________
______________________
______________________
______________________
______________________
5. Security Inspections and Surveys. Inspections and surveys conducted by this
company will conform to the highest requirements for physical security surveys, physicalsecurity inspections, and security engineering surveys.
5.1 Inspections are primarily for vulnerable areas; the frequency is every ( ) months
6. Security Risk Assessments. Risk assessments will be conducted routinely on a(n)
___ basis. Non-routine risk assessments will conducted whenever a significant loss
occurs or other occurrence which has significant impact on the physical security of the
facility.
6.1 Risk assessments are critical to security planning. Risk assessments are used to
adapt physical protective measures and security procedures to current conditions.
6.2 Risk assessments must be performed on vulnerable areas. Risk assessments will
be considered when scheduling follow-on inspections and surveys. Assessments will
be kept on file until the next risk assessment is conducted.
7. Vulnerable Security Areas Listing. Vulnerable area listings will be developed and
maintained.
7.1 The vulnerable areas list will enable the security officer to concentrate protection
on the most important assets and prioritize the physical-security effort. The
vulnerable areas list will include only areas and activities that have been determined
to be essential to employee safety, high cost, essential to the operation or highly
vulnerable based on a total assessment of the specific area.
7.2 To develop a vulnerable areas list, department heads (or other suitable title) will
begin by identifying assets that are critical to employee safety, company operations or
subject to other threats which impact the stability of this company.
7.3 Based on their analyses, managers at each level will develop a vulnerable security
areas list and submit it to the Security Officer for consideration as a vulnerable area.
Areas approved for addition to the vulnerable areas list will be scheduled for risk
assessment and physical-security inspections within ___ days.
8. Restricted Areas. One way we can safeguard assets is by declaring an area restricted
and, thereby, limiting access to that area. Restricted areas will be designated and posted
in accordance with local laws.
8.1 This company will ensure all restricted areas have been assessed and local laws
are complied with. Violations of restricted areas will be brought to the attention of
the Security Officer.
9. Security Measures: There are two broad categories of security measures: procedural
and physical. Measures instituted by this company should deter, detect, delay, or defeat
the threat. Deterrence will be improved by using highly visible measures and
randomness. This is cost-efficient and complicates the threatening person or group.
Security measures will be integrated and layered by using a combination of fences, lights,
electronic security systems (ESSs), and guards.
9.1 Procedural controls will include but are not limited to: Duty appointments,
security checks, checklists, written procedures, etc.
9.2 Procedural controls will include but are not limited to: Fences, locks, lights,
electronic security systems (ESSs), and guards.
10. General Access to Premises:
10.1 Unrestricted areas. Any of the documents listed below may be used to gain
access to unrestricted areas. (detail corporate policy)
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
___________________________________________
___________________________________________
___________________________________________
___________________________________________
___________________________________________
10.2 Unrestricted areas. Any of the documents listed below may be used to gain
access to unrestricted areas. (detail corporate policy)
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
___________________________________________
___________________________________________
___________________________________________
___________________________________________
___________________________________________
11. Policy for Passes and Badges.
11.1 Issuing authorities within this company will keep a record of each pass and
badge issued or destroyed. Records will be maintained in the _______ office.
11.2 Passes and badges are company property and may not be transferred or altered
after they are issued. Lost passes or badges will be reported promptly to the issuing
authority. When the need for a pass or badge ends, the individual’s supervisor will
ensure the pass or badge is voided and returned to the issuing authority. The issuing
authority will destroy the pass or badge by cutting it into small pieces or shredding it,
and recording its final disposition. Supervisors will report passes and badges that
cannot be recovered as "lost."
11.3 Lost or stolen passes will be reported to the individual’s supervisor
immediately.
11.4 The company may revoke passes with no prior notice. The employee will be
notified within ( ) working days of the reason for the revocation.
11.5 To control and account for passes and badges, issuing authorities will:
11.5.1 Control procurement, storage, processing, issue, turn-in, recovery,
expiration, and destruction of passes and badges.
11.5.2 Establish measures to reduce the possibility of theft, loss, counterfeiting,
and improper use.
11.5.3 Establish a uniform method of wearing security badges.
11.5.4 Arrange entry-control points so arriving and departing personnel must
pass in single file in front of access-control personnel.
11.5.5 Position racks or containers holding security badges and passes so they
are accessible only to access-control personnel.
11.5.6 Authenticate security records as required.
11.5.7 Appoint a responsible custodian to perform control procedures.
11.5.8 Maintain written records that show the status of passes and badges, and
the disposition of lost, stolen, and destroyed forms. Information will be
recorded, maintained and destroyed according to company policy or on
automated data files that include the same data elements.
11.5.9 The security officer will conduct unannounced inspections and
inventories of issuing procedures and on-hand security management forms.
These inspections and inventories will be conducted at least once a quarter (or
detail other). The inspection will be documented and _____________ (Security
Officer’s Supervisor) and department inspected will be provided a copy of the
results. Discrepancies will be brought to the attention of the Security
Committee.
11.5.10 Inventory temporary badges daily or at changes in shifts by accesscontrol personnel.
11.5.11 Promptly invalidate lost or stolen security badges and passes and
maintain a current roster of invalidated badges and passes at access-control
points.
11.5.12 Recover permanent and temporary badges at the exit point of restricted
areas where the badge(s) were issued.
11.5.13 Maintain records at access-control points that enable access-control
personnel to determine promptly and accurately the number and identity of
persons in the area at any time.
11.6 Permanent Badges. Permanent badges may be issued to a person requiring
continual access to restricted areas. The permanent badge will have a clip-on
attachment allowing it to be worn at all times on an outer garment while the bearer is
in the restricted area.
11.7 Temporary Badge. Temporary badges may be issued to visitors who require
infrequent entry to a restrictive area or may also be used by personnel requiring
continual access while a permanent badge is being prepared. Custodians may require
visitors to release personal identification documents in exchange for a temporary
badge or pass. When temporary badges are used, they will:
(1) Be laminated and have a clip allowing them to be worn on outer garment
while in the restricted area.
(2) Be easily distinguishable from permanent security badges and passes.
Visitors will be escorted at all times while in a restricted area. Entry and exit of
visitors will be recorded.
12. Confiscating Passes and Badges.
12.1 Access-control personnel will avoid embarrassing situations and disturbances,
but will deny access to persons with expired, severely damaged, or altered ID or
access documents. If access is denied, access-control personnel will confiscate access
passes and badges if that document is expired, severely damaged, or altered. Accesscontrol personnel will inform the individual’s supervisor when a passbearer refuses to
surrender an expired, altered, or severely damaged access document.
13. Access by Local Law Enforcement Agencies.
13.1 The Security Officer will:
13.1.1 Establish and conduct liaison with local law enforcement agencies.
13.1.2 Establish procedures for access by local law enforcement agencies.
13.1.3 Entry to Restricted Areas. Access to restricted areas will be provided for
local law enforcement to enter only if they are in a “hot-pursuit situation”.
14. Keys and Lock Controls (K&LC).
14.1 Keys providing access to restricted areas that are not in use or are not attended
will be stored in approved security containers or equivalent.
14.2 Spare keys will not be kept with operational keys.
14.3 Maintenance keys for high-security padlocks will not be used as primary access
keys. Maintenance keys will be secured and will be kept separate from spare keys.
Placing maintenance keys in a separate, sealed envelope in a container with the spare
keys usually constitutes acceptable separation.
15. Personnel Monitoring.
15.1 Security wands. Security wands that detect metal objects may be used for entry
or egress from high security areas. Guards will use wands in accordance with
established procedures for the specific area. Procedures will not be deviated from
without prior approval of the Head Guard or Security Officer. Any deviations will be
reported to all affected personnel accordingly.
15.2 Personnel searches. (detail local policy)
15.3 Other types of personnel monitoring. (detail local policy)
16. Company Guard Program. Guards are a valuable resource. They may be
employed either in an active capacity (access control) or in a passive role (surveillance
and detection). Guards are, however, a costly asset and, as such, should be employed
only where alternative solutions are not practical or allowable and when the risk to the
protected asset warrants such protection. Because of manpower and funding constraints,
guards will be provided only to the level essential to meet minimum security standards.
The Security Officer will seek reasonable alternatives, such as technology (for example,
ESS), to the long-term employment of guards whenever possible.
16.1 Guards will be used at critical and sensitive locations to protect company assets.
16.2 Contract Guards. Security services may be contracted through competitive bids.
Contracted security services must comply with a performance work statement
developed in advance by this company.
16.3 Guard Force Standards.
16.3.1 Medical Reexamination. Guard personnel will take a medical
reexamination each ___ (frequency), the Security Officer will recommend a
medical reexamination at any time there is reason to believe a medical condition
exists that could adversely affect job performance or jeopardize the employee's
health while performing assigned duties.
16.3.2 Language Proficiency (further detail policy). Security guards must be
able to converse in English to a degree that enables them to understand oral and
written communications and express themselves in work-related matters.
16.3.3 Appearance. Security guards will maintain an acceptable standard of
individual and duty-area appearance. Security personnel are particularly
conspicuous in the performance of their duties and must present a high
standard of appearance at all times. Formal inspections may be conducted
before security personnel go on duty to ensure the highest standards of
appearance are maintained. Informal inspections will be part of daily
supervision. The following standards of appearance apply:
(1) The prescribed uniform will be worn while on duty as directed by the
supervisor.
(2) Uniforms will be clean and well-pressed. Footwear will be polished.
Required insignia will be worn. Unauthorized insignia or accouterments
will not be worn with or on uniform work clothing.
(3) Shirts, jackets, and coats will be buttoned. Shirts will be tucked into
trousers, unless specifically designed to be worn outside the trousers.
(4) Equipment (for example, pistolbelts, holsters, arm-band) will be clean.
Leather, silver, and brass parts of the uniform will be polished.
(5) Personal hygiene will be maintained.
(6) Hair (including facial hair) will be well groomed. Hair length or
fullness must not interfere with wearing required headgear. Mustaches
and beards will be neatly trimmed and must not interfere with the
performance of duty. Hair, mustaches, and beards will not be a length that
causes a safety hazard. Where respirators are required beards will not be
allowed.
(7) Hands will not be kept in pockets while performing guard duty. Gloves
will be issued and worn during bad weather, as appropriate.
17. Individual Reliability Program for Guards.
17.1 Drug Screening. (detail local policy)
17-2 Training. All guards, regardless of the source, will be formally trained in their
duties before performing security functions. Guards must successfully complete
Initial Training, before being assigned a weapon. (local laws apply)
17.3 Contract guards will be trained by the contractor according to the contract and
will provide documentation of such training upon request.
17.4 Duress Procedures. Each guard will be trained on duress procedures and
situations that might require those procedures.
17.5 First Aid. Security guards will receive a minimum level of instruction in firstaid and basic life-saving techniques. Qualified medical personnel will conduct the
training.
17.6 Guardpost Orders. Security guards will be trained in each aspect of their
assigned duties. Other aspects of a guard's functions, such as access-control
procedures for gate-guards or building-security checks for roving security guards,
will be included in the guard-training program.
17.7 Physical Training. Security guards should maintain an acceptable level of
physical fitness so they can perform their assigned duties and will meet job
description performance standards.
17.8 Weapons Qualification (determine local requirements). Security guards will
qualify with their assigned weapons before they are assigned to security duty and at
least ___ (frequency).
17.9 Use of Force. The decision to arm guards will be governed by the applicable
physical-security standards established for the asset being guarded. Use of force will
be in strict compliance with Federal, State and Local Regulations. The policy on use
of force will be coordinated with the local law enforcement agency before being
implemented. Security guards will use force only when they cannot conduct their
duties without it. When use of force is necessary, only the minimum amount needed
to resolve the situation is justified. Guards should attempt, through verbal
persuasion, to resolve conflicts. If necessary, physical detention using unarmed
defense techniques should be used when possible. Guards should request assistance
from supervisory personnel when a situation appears to be escalating toward use of
force, if time allows. Deadly force is seldom warranted and will be used only under
conditions of extreme necessity (that is, when all lesser means of action have failed
or cannot reasonably be used).
18. Guardpost Orders.
18.1 Guardpost directives. Each guardpost will have clear instructions in English
that describes the scope of the post, functions to be performed, and parameters within
which each guard will operate. Guardpost orders will address each aspect of the
guard's duties. Orders will include at least the following information:
18.1.1 Area of Responsibility. The specific area for which the guard is
responsible. Use of a detailed sketch will help clarify the limits of the post.
18.1.2 Use of Force. The Security Officer will oversee the preparation of
instructions on the use of force (including deadly force). To include as a
minimum:
(a) The conditions justifying use of force and the appropriate level of force
warranted for those conditions.
(b) The specific conditions warranting use of deadly force. Conditions
should include the protection of specific items (weapons and ammunition)
that, if taken, could cause deadly harm to others in the hands of
unauthorized individuals.
(c) The legal protection provided to a guard who, in the most prudent
application of assigned duties, uses deadly force to comply with guard
orders.
18.2 Supervisory control. The supervisory chain will be defined. Conditions when a
guard may be required to comply with instructions from personnel outside of their
supervisory chain also will be clearly explained.
18.3 Reports and Forms. Clear instructions for using reports and forms, when such
are required, will be provided; samples will be provided to each post.
18.4 Special Instructions. Unique situations and requirements of a specific post will
be clearly detailed in the guard-post orders.
19. Guardpost Evaluations: Regular and routine evaluations of security-guard
operations are essential to ensuring compliance with this plan, local policy, and guardpost
orders. Regular and routine evaluations of security-guard operations are essential to
ensuring compliance with this plan. The Security Officer will develop a policy to ensure
Guard Supervisors will evaluate security guards before posting them to determine if they
are fit and prepared for duty. Supervisors will also evaluate each guard-post at least once
during the scheduled shift to ensure security guards know guard policies and guardpost
orders.