Physical Security Assessment

Working with a third party to walkthrough your physical efforts in action can give you immediate feedback on how to strengthen your program.

Physical Security Assessments are a holistic look into the overall physical security of buildings, facilities, and locations. The Physical Security Assessment is a non-invasive walkthrough assessment that is guided by the client’s security personnel while onsite. Our staff evaluates access control systems, security guards, CCTV cameras, access badges, locks, security lighting, fences, and much more.


Many organizations never evaluate the physical security controls that are in place at a building or location. They may spend thousands of dollars on physical security controls, but do not know whether they are implemented correctly or according to security best practices. SecureState can determine how easily an attacker can circumvent these controls. For example, cameras and alarms may not be in the correct locations and can be easily evaded. SecureState uses a detailed client guided approach to evaluate the available controls and technologies to a company in place for physical security.


Many SecureState consultants come from a military and financial services background and have extensive experience in conducting and building physical security assessment programs for complex organizations. Team members also have professional experience with bypassing locks, alarms, and other physical security controls. Our approach follows industry accepted testing methodologies such as PTES, NIST 800-115, and OSSTMM.

Approach and Methodology

SecureState begins Physical Security Assessments by executing an exhaustive search of open source intelligence on the target company. This research can reveal unexpected information about the target location, including staff hierarchy, interior layouts, and even employee badges. Extensive imagery analysis of the target site is conducted using tools like Google Earth to determine potential weaknesses in the perimeter or design. Finally, SecureState reviews company documents to identify gaps in physical security-specific policies and procedures.

On site, SecureState will meet with client security and facility personnel to perform a guided walkthrough of the target facility. All physical security controls are evaluated for existence and effectiveness. The physical security control subdomains evaluated by SecureState during the assessment process include, but are not limited to, the following:

  • Access Control Systems (including badges)
  • Alarms
  • Camera Type and Placement
  • Document Management
  • Lock and Key Management
  • Perimeter and Gates
  • Safety Systems (fire suppression, backup power)
  • Visitor Entry and Verification Procedures

Finally, SecureState attempts to determine what physical vulnerabilities may be present within the controls themselves. This allows SecureState to determine if certain controls need to be improved, or if a new technology can assist with the mitigation of specific threat agents.


Get Started!