Model Safety Program

Model Safety Program

DATE: _____________

SUBJECT: Physical Security Plan

REGULATORY STANDARD: General Duty Clause (further detail Federal, State, and Local Requirements.)

RESPONSIBILITY: The company Security Officer is _________________. He/she is solely responsible for all facets of this program and has full authority to make necessary decisions to ensure success of the program. The Security Officer is the sole person authorized to amend these instructions and is authorized to halt any operation of the company where there is danger of security breach.

Contents of the Physical Security Plan

1. Written Program.

2. Program Requirements.

3. Program Components.

4. Physical Security Committee.

5. Security Inspections and Surveys.

6. Security Risk Assessments.

7. Vulnerable Security Areas Listing.

8. Restricted Areas.

9. Security Measures.

10. General Access to Premises.

11. Policy for Passes and Badges.

12. Confiscating Passes and Badges.

13. Access by Local Law Enforcement Agencies.

14. Keys and Lock Controls (K&LC).

15. Personnel Monitoring.

16. Company Guard Program.

17. Individual Reliability Program for Guards.

18. Guardpost Orders.

19. Guardpost Evaluations.

(YOUR COMPANY) Physical Security Plan

1. Written Program. (YOUR COMPANY) will review and evaluate this plan under the following conditions:

(1) On an annual basis.

(2) When changes occur to applicable regulations.

(3) When changes occur to local directives.

(4) When facility operational changes occur.

(5) When the plan fails.

(6) _____________________________

(7) _____________________________

Effective implementation of this program requires support from all levels of management within this company. This plan will be communicated to all personnel that are affected by it. It encompasses the total workplace, regardless of number of workers employed or the number of work shifts. It is designed to establish clear goals and objectives.

2. Program Requirements. Each level of management has specific responsibilities that allow the program to function effectively. The proper operation of this plan is an integrated process made up of the following components.

(1) Assessing the threat.

(2) Assigning specific physical-security duties.

(3) Conducting security planning.

(4) Conducting risk analysis.

(5) Identifying vulnerable areas.

(6) Designating restricted areas.

(7) Coordinating security efforts.

(8) Establishing physical-security councils.

(9) Employing physical- and procedural-security measures.

(10) Conducting inspections and surveys.

3. Program Components.

3.1 Employee responsibilities. Physical security is everyone’s responsibility. An effective physical-security program uses an approach that is methodical, deliberate, and ongoing at each management level. Employees at all levels will establish programs that include the components prescribed by this plan. Supervisors will periodically review and be prepared to adjust their programs to the changing threat.

3.2. Assessing the threat. Threat assessments must be developed and updated as necessary.

3.3. Duty assignments. Physical security officers will be designated accordingly. This company will designate individuals to serve on a working group, to establish the physical-security committee.

3.4 Key and lock control. Key and lock control (K&LC) will be a designated duty in every department. K&LC custodians will be appointed in writing to control keys to sensitive areas and high cost assets.

3.5 Security planning. The physical-security plan will tie security measures together. The plan will integrate security efforts by assigning responsibilities, establishing procedures, and ensuring subordinate plans complement each other. The physical-security plan must have reasonable and affordable protective measures. Reliance on security guards should be a measure of last resort, with alternatives considered when possible. Associated costs should be in proportion to the value or criticality of the property being protected and the existing level of risk.

3.6. Risk analysis. Risk analyses are critical to security planning. Risk analyses are used to adapt physical protective measures and security procedures to local conditions. Risk analyses must be performed on vulnerable areas. Risk analyses will be considered when scheduling follow-on inspections and surveys. Analyses will be kept on file until the next risk analysis is conducted.

3.7 Vulnerable area listing. The vulnerable area list helps managers concentrate protection on the most important assets and prioritize the physical-security effort. The vulnerable areas list will include only areas and activities that have been determined to be essential to the operation or highly vulnerable based on a total assessment of the specific operation, environment, value and threat. To develop a vulnerable areas list, we will begin by identifying assets that are critical or subject to a particular threat, based on known or expected conditions.

3.8 Restricted areas. This company will safeguard assets by declaring high threat areas as restricted, thereby limiting access to that area. Access to restricted areas will be strictly controlled and notices will be posted in plain sight. Violations of restricted areas will be brought to the attention of the security officer.

3.9 Plan coordination. This plan will be coordinated with appropriate physical-security plans with adjacent facilities when possible. Mutual support agreements will also be established with companies having security interests in the local area.

4. Physical Security Committee.

4.1 Charter for the (YOUR COMPANY) Security Committee. This security committee will encourage security awareness among all employees. It will be established to monitor physical security, security performance, security inspections, and aid the security officer in administering the company security program. The Committee is charged to:

· Reduce the security threat to employees and physical assets.

· Constantly be aware of conditions in work areas that can produce security violations.

· Aid the company in complying with all laws pertaining to security.

· Ensure that no employee is required to work at a job that is not safe or healthful.

· Place the security and health of each Employee in a position of primary importance.

· Aid management in providing all mechanical and physical facilities required for security in keeping with the highest standards.

· Maintain a security program conforming to the best management practices of organizations of this type.

· Review intrusion detection system (IDS) failures, including; causes, downtime, and repair problems.

· Review security modernization plans, status of proposed construction, and integration of security requirements.

· Review crime trends and conditions conducive to crime.

· Review threat assessments and facility inspections.

· Establish a program that instills the proper attitudes toward security not only on the part of employees, but also between each employee and his or her co-workers.

· Ultimately achieve a security program maintained in the best interest of all concerned.

4.2 Security Committee Composition.

4.2.1 Composition. The company security committee will be comprised of ( ) Employees of (YOUR COMPANY). The make up of the committee will consist of the following:

Security Committee

Title Member

Chairman ________________________________

Vice Chairman ________________________________

Member ________________________________

4.3 Principal Responsibilities. The principal responsibilities of the company security committee will be as follows:

· Assemble on a(n) ______ basis to conduct security meetings.

· Conduct and oversee departmental security inspections.

· Review security violations and discuss corrective actions.

· Direct and monitor departmental training and security meetings.

· Discuss and report on unfinished business from previous meetings.

· Discuss new business.

· Discuss old business.

· Maintain appropriate records of activities.

4.4 The Security Officer will be present to make notations of the meeting and offer advice. He/she will track open security items to conclusion. He/she will also act as chairman in the absence of the designated chairman or vice chairman.

4.5 Meeting Ground Rules. Company Security Committee meetings will be conducted in such a manner as to foster a productive work environment. The principal goal being to determine solutions to security issues affecting our company. The following ground rules apply.

4.5.1 A minute taker will be selected to serve on a rotating basis from assigned committee members.

4.5.2 Distribution of Minutes. Minutes will be distributed within ( ) working days to the following:

4.5.2.1 __________________________

4.5.2.2 __________________________

4.5.2.3 __________________________

4.5.2.4 __________________________

4.5.2.5 __________________________

4.5.2.6 __________________________

4.6 Discussion time limits. In order to establish and maintain a productive course of action on individual security issues, discussion time limits will be established and adhered to. Discussion time limits on each security topic will be typically kept to a ( ) minute time limit per security issue.

4.7 Subcommittee actions. Where an issue cannot be resolved in a reasonable amount of time, a subcommittee (composed of at least two people) will be selected and the issue turned over to the subcommittee for investigation and development of recommendations. Subcommittee actions will be classified as “old business” and integrated into the next Security Committee Meeting as appropriate.

4.8 Facility security committee representatives. Company security committee representatives will be designated in each department. The following positions will be designated as the security committee representative at each facility:

FACILITY SECURITY COMMITTEE REPRESENTATIVES

TITLE NAME LOCATION

____________________ ______________ ______________________

5. Security Inspections and Surveys. Inspections and surveys conducted by this company will conform to the highest requirements for physical security surveys, physical-security inspections, and security engineering surveys.

5.1 Inspections are primarily for vulnerable areas; the frequency is every ( ) months

6. Security Risk Assessments. Risk assessments will be conducted routinely on a(n) ___ basis. Non-routine risk assessments will conducted whenever a significant loss occurs or other occurrence which has significant impact on the physical security of the facility.

6.1 Risk assessments are critical to security planning. Risk assessments are used to adapt physical protective measures and security procedures to current conditions.

6.2 Risk assessments must be performed on vulnerable areas. Risk assessments will be considered when scheduling follow-on inspections and surveys. Assessments will be kept on file until the next risk assessment is conducted.

7. Vulnerable Security Areas Listing. Vulnerable area listings will be developed and maintained.

7.1 The vulnerable areas list will enable the security officer to concentrate protection on the most important assets and prioritize the physical-security effort. The vulnerable areas list will include only areas and activities that have been determined to be essential to employee safety, high cost, essential to the operation or highly vulnerable based on a total assessment of the specific area.

7.2 To develop a vulnerable areas list, department heads (or other suitable title) will begin by identifying assets that are critical to employee safety, company operations or subject to other threats which impact the stability of this company.

7.3 Based on their analyses, managers at each level will develop a vulnerable security areas list and submit it to the Security Officer for consideration as a vulnerable area. Areas approved for addition to the vulnerable areas list will be scheduled for risk assessment and physical-security inspections within ___ days.

8. Restricted Areas. One way we can safeguard assets is by declaring an area restricted and, thereby, limiting access to that area. Restricted areas will be designated and posted in accordance with local laws.

8.1 This company will ensure all restricted areas have been assessed and local laws are complied with. Violations of restricted areas will be brought to the attention of the Security Officer.

9. Security Measures: There are two broad categories of security measures: procedural and physical. Measures instituted by this company should deter, detect, delay, or defeat the threat. Deterrence will be improved by using highly visible measures and randomness. This is cost-efficient and complicates the threatening person or group. Security measures will be integrated and layered by using a combination of fences, lights, electronic security systems (ESSs), and guards.

9.1 Procedural controls will include but are not limited to: Duty appointments, security checks, checklists, written procedures, etc.

9.2 Procedural controls will include but are not limited to: Fences, locks, lights, electronic security systems (ESSs), and guards.

10. General Access to Premises:

10.1 Unrestricted areas. Any of the documents listed below may be used to gain access to unrestricted areas. (detail corporate policy)

10.1.1 ___________________________________________

10.1.2 ___________________________________________

10.1.3 ___________________________________________

10.1.4 ___________________________________________

10.1.5 ___________________________________________

10.2 Unrestricted areas. Any of the documents listed below may be used to gain access to unrestricted areas. (detail corporate policy)

10.2.1 ___________________________________________

10.2.2 ___________________________________________

10.2.3 ___________________________________________

10.2.4 ___________________________________________

10.2.5 ___________________________________________

11. Policy for Passes and Badges.

11.1 Issuing authorities within this company will keep a record of each pass and badge issued or destroyed. Records will be maintained in the _______ office.

11.2 Passes and badges are company property and may not be transferred or altered after they are issued. Lost passes or badges will be reported promptly to the issuing authority. When the need for a pass or badge ends, the individual’s supervisor will ensure the pass or badge is voided and returned to the issuing authority. The issuing authority will destroy the pass or badge by cutting it into small pieces or shredding it, and recording its final disposition. Supervisors will report passes and badges that cannot be recovered as "lost."

11.3 Lost or stolen passes will be reported to the individual’s supervisor immediately.

11.4 The company may revoke passes with no prior notice. The employee will be notified within ( ) working days of the reason for the revocation.

11.5 To control and account for passes and badges, issuing authorities will:

11.5.1 Control procurement, storage, processing, issue, turn-in, recovery, expiration, and destruction of passes and badges.

11.5.2 Establish measures to reduce the possibility of theft, loss, counterfeiting, and improper use.

11.5.3 Establish a uniform method of wearing security badges.

11.5.4 Arrange entry-control points so arriving and departing personnel must pass in single file in front of access-control personnel.

11.5.5 Position racks or containers holding security badges and passes so they are accessible only to access-control personnel.

11.5.6 Authenticate security records as required.

11.5.7 Appoint a responsible custodian to perform control procedures.

11.5.8 Maintain written records that show the status of passes and badges, and the disposition of lost, stolen, and destroyed forms. Information will be recorded, maintained and destroyed according to company policy or on automated data files that include the same data elements.

11.5.9 The security officer will conduct unannounced inspections and inventories of issuing procedures and on-hand security management forms. These inspections and inventories will be conducted at least once a quarter (or detail other). The inspection will be documented and _____________ (Security Officer’s Supervisor) and department inspected will be provided a copy of the results. Discrepancies will be brought to the attention of the Security Committee.