Physical Security Risk Assessment

By taking a risk based approach to assessing physical security, you can focus your efforts on protecting against the specific risks your company faces.

This comprehensive assessment considers threats and vulnerabilities within the context of the organization and its most critical assets and processes. SecureState collects data from a wide range of sources including CAP Index® reports, open sources, on-site assessments, client interviews, and policy and procedure reviews, and open source research. This data is compiled and analyzed in the framework of your organization’s locations and the business processes they fulfill. The end result is a complete view of risk that allows your organization to manage it appropriately.


Considering risk and all the factors that increase or lower it is the best way for your organization to develop a prioritized plan. Furthermore, it ensures that you see the highest return on investment from the time and money spent on remediation efforts. Additionally, many organizations must meet the requirements of specific regulatory frameworks (CIP-014, for instance), which often include third party risk assessments. SecureState’s combined experience in regulatory compliance and physical security make us your ideal partner in this regard.


SecureState’s physical security team is comprised of highly qualified individuals with a range of backgrounds. Our team members have held positions in military intelligence, financial services security, security auditing, community emergency response, and beyond. Our professional experience and expertise includes threat intelligence, policy development, tactical operations planning, and national security policy.

This diverse team is brought together by its shared passion for security and desire to find solutions to our clients’ most pressing security challenges. Together, the team has leveraged its talents to build, implement, and test complex physical security programs for organizations across a range of industries and a multitude of environments. Some of the largest organizations within their respective industries have trusted the advice and recommendations of SecureState professionals in the design, implementation, management, and testing of their security architectures.

Our capabilities, along with our comprehensive knowledge of our clients’ missions, enable SecureState to build productive long-term relationships with our clients while crafting solutions appropriate to their needs.

Approach and Methodology

Physical Security Risk Assessments begin by categorizing your organization’s facilities, their assets, and the business processes they fulfill. Once this is done for all sites in scope, SecureState then focuses on identifying the criticality and recovery potential for each location. Onsite walkthroughs, interviews with key personnel, and documentation review allow SecureState to identify physical security controls and their ability to mitigate or prevent physical threats.

SecureState determines the natural, technological, and man-made threats specific to each in-scoped location based on client interviews, open source intelligence gathering, CAP Index® reports, and government threat feeds. These threats are then contextualized according to probability, frequency, and impact, as well as the presence and effectiveness of controls designed to counter them.

This information allows SecureState to generate a risk profile for each of the in-scope sites, allowing risk to be viewed comprehensively across the enterprise and contributing directly to the creation of a tactical and strategic roadmap for addressingwhich prioritizes the most critical risk areas. If necessary, this roadmap can align with a client-specified framework to assist your organization in meeting its regulatory requirements.

Get Started!