Chapter 4: Facility safeguarding
- Facility protection (physical security) is one of the essential subsystems for implementing an effective security program. Operational standards for the physical security of sensitive information and assets are contained in Treasury Board's Policy on Government Security and its associated directives and standards. The Canadian Industrial Security Directorate (CISD) of Public Services and Procurement Canada is responsible for the application of these standards in all private sector organizations that participate in the Contract Security Program.
Additional requirements exist, including some for information technology (IT), for the handling of communications security (COMSEC) information and assets, over and above those safeguards outlined in this chapter.
Refer to the IT Security Directive for the Control of COMSEC Material in the Canadian Private Sector.
- A physical security system should safeguard against unauthorized access, detect actual or attempted unauthorized access and be able to activate a response. Protection involves physical, procedural and psychological barriers to delay or deter. Detection refers to devices and methods designed to show and, possibly, verify attempted or actual unauthorized access. Response refers to reactions such as the involvement of guard or police forces, assessments to damage and measures to prevent the failure of other elements of the system.
- Given enough time, almost any physical security measure can be compromised. It is therefore important to point out that protective measures must be predicated on the time required for a response unit or person to arrive at the scene. CISD will assist in the development of an overall facility protection plan.
This chapter deals with the physical security requirements of the plant and grounds, the setting up of security zones (control of access into and within the facility) and the security of protected and classified information and assets.
Carefully consult Chapter 5: Handling and safeguarding of classified and protected information and assets of this manual to ensure that the necessary measures are incorporated into the overall facility protection plan.
Physical security starts with the initial design of the facility. To avoid or reduce the cost of security retrofit, organizations should consult CISD at an early stage when considering construction, purchase, lease or renovation of facilities for which a site clearance will be required.
401. Physical security
Organizations holding a designated organization screening (DOS) or a facility security clearance (FSC) are required to establish the appropriate number of progressively restrictive zones to control access to protected and classified information and assets. The first 2 types of zones listed below (public zone and reception zone) are not considered secure for safeguarding protected and classified information and assets. Their main purpose is to set up an initial base from which other secure zones can be developed.
Types of secure zones
A public zone generally surrounds or forms part of an organization's facility. Examples include the grounds surrounding a building and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may also be used to discourage unauthorized activity.
A reception zone is located at the entry to the facility where:
- the initial contact between the public and the organization occurs
- services are provided
- information is exchanged
- access to restricted zones is controlled
To varying degrees, activity in a reception zone is monitored by the personnel who work there, by other personnel or by security staff. Access by the public may be limited to specific times of the day or for specific reasons. Entry beyond the reception zone is indicated by a recognizable perimeter such as a doorway or an arrangement of furniture and dividers in an open office environment.
An operation zone is an area where access is limited to personnel who work there and to properly escorted visitors. Operations zones should be monitored at least periodically, based on a threat and risk assessment, and should preferably be accessible from a reception zone.
A secure zone is an area to which access is limited to authorized personnel and to authorized and properly-escorted visitors. Security zones should preferably be accessible from an operations zone and through an entry point. A security zone need not be separated from an operations zone by a secure perimeter. Security zones are monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means.
A high-security zone is an area to which access is controlled through an entry point and limited to authorized, appropriately screened personnel and authorized and properly escorted visitors. High-security zones should be accessible only from security zones and are separated from security zones and operations zones by a perimeter built to the specifications recommended in a threat and risk analysis. High-security zones are monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means.
Attributes of secure zones
- Signs must be used to demarcate secure zones and must include the term “operations zone,” “security zone” or “high-security zone.”
- The physical attributes of a secure zone may vary. For example, a security zone could be a desk in an open-office environment that normally functions as an operations zone, if the person working there is able to control and monitor access to the protected and classified information and assets. A security zone could also be an enclosed office to prevent unauthorized seeing or hearing of information.
- The definition of secure zones may vary according to the period of use during the day or week. For example, a reception zone during public access hours may be defined as an operations zone during restricted access hours, such as on weekends and at night.
- Physical security is more acceptable and effective if measures, such as barriers, are adapted to normal operations as much as possible. Proper location and demarcation of secure zones will help ensure appropriate functional use as well as controlled access.
Regulations and codes
Physical security systems are to comply with relevant provincial and municipal regulations and codes, such as those relating to fire, construction and electrical installations.
402. External areas and perimeters
- External perimeter
- Parking lots
- Security lighting
- Doors, windows and other openings
- Emergency exits
- Security control centres
Fences and free-standing walls delineate and control external perimeters. They are typically used where a facility contains valuable assets. Some types of fences and walls may also prevent unauthorized observation. They can compensate for security deficiencies in the building design, such as ground-level windows exposing information or areas.
Landscaping around a secure facility should be designed to enhance:
- protection, by demarcating and securing the perimeters and by channelling personnel and the public
- detection, by allowing for easily identifiable controlled areas, by reducing the opportunity for concealment and by developing circulation routes that will allow employee surveillance of the facility
- response, by allowing unimpeded access to the facility for emergency response personnel and equipment
Parking lots should be designed to reduce the threat to the facility, its employees and visitors by:
- channelling pedestrian traffic
- easing surveillance of high-risk areas
- discouraging the casual use of exit doors and shipping or receiving areas
- not allowing parked vehicles to be located so close to buildings that they increase the security risk
External security lighting is normally required to facilitate surveillance. It may demand increased intensity or a specialized colour spectrum, or both, for identification purposes or for closed-circuit television applications. In view of its technical complexity and the necessity to meet safety and other codes, qualified personnel should plan security lighting. CISD will advise on the specific requirement.
Doors, windows and other openings
Access doors should be restricted to the smallest number possible. Windows should preferably be of a non-opening type. All must be of sturdy construction and securely installed. Other perimeter openings, such as drains or utilities tunnels, must be secured to deny unauthorized entry. CISD will advise on specific requirements and standards.
Emergency exits should not allow uncontrolled access to secure zones. Information and assets controlled by an organization are most vulnerable during an emergency. Therefore, measures must be implemented to ensure that emergency exit routes are adequately protected during an emergency.
Security control centres
An organization granted a DOS or FSC with document safeguarding capability (DSC) may require at each site so cleared a security control centre to monitor and control the status of security equipment and systems such as:
- electronic access controls
- intrusion detection systems
- duress alarms
- closed-circuit television systems
- emergency communications systems
- fire alarms
A security control centre may be operated by the facility, by a commercial agency under contract, or some combination of the 2, to provide full-time coverage. The security monitoring system must have the capability to operate independently of other facility monitoring systems.
For more information on DOS or FSC, refer to section 304. Types of designated organization screening (DOS) or section 357. Types of facility security clearances (FSC) of this manual.
403. Control of access to secure zones
- Personnel identification
- Electronic access control
- Electronic intrusion detection
- Closed-circuit television
- Interior access controls
- Service spaces
Entry points should be established to channel employees and visitors, verify employee identity and prohibit visitor entry until properly recorded and accompanied by an employee.
- Where organizations are large enough that personnel identification between employees becomes uncertain, employees should be required to wear cards that identify the bearer and/or access badges that allow access to specified zones or facilities.
- An identification card should contain the individual's photograph, name and signature, name of the issuing organization and a card number with an expiry date. It does not convey access, but merely identifies the bearer. Access requires an additional control such as an access list, knowledge of a combination, electronic access card or an access badge. An access list or access badge shows authorization only. Therefore, additional control procedures may be necessary to verify identity and regulate entry or exit.
- It is desirable that identification cards and access badges be colour coded or marked in such a way as to quickly indicate clearance level and/or access authorization.
- Organizations are required to:
- establish procedures to verify cards or badges held by personnel and to withdraw cards or badges for cause
- provide for the replacement of any or all cards or badges whenever a threat and risk assessment shows that this is necessary
- set up a procedure for reporting the damage to, or the loss or theft of, personnel identification cards or access badges
- maintain inventories of all cards or badges
- replace personnel identification cards or access badges whenever personal appearance changes significantly from the photograph on the card or badge
- Guards may be required to control access to secure zones where there is a need for personal interaction and judgment, or for quiet-hours patrolling and to provide timely response to actual or attempted unauthorized entry or other emergency. Guards must be appropriately screened to the level of possible access to protected and classified information and assets. This does not include access resulting from the discovery of a security breach.
- Exceptions may be recommended by the responsible field industrial security officer, on a case-by-case basis, based upon an on-site inspection and a threat and risk assessment.
Electronic access control
Electronic access control devices can be used to record authorized entry and to deter unauthorized entry. Their expense, variety and technical complexity make it essential that organizations consult with CISD on acceptable systems and their specific application. An essential prerequisite for installation of electronic access control devices is the establishment of a secure perimeter. Alternative measures must also be available when controls are out of service. Installed systems must comply with applicable building and fire codes and regulations.
Electronic intrusion detection
Electronic intrusion detection (EID) devices signal an alert on attempted unauthorized access. They can be used, in some circumstances, as an alternative to guards or to increase the efficiency of guards. They should be supported by a response capability related to the threat and risk assessment. EID devices are to be checked regularly to ensure reliable operations and alternate measures are to be available. Organizations considering installation of EID devices should obtain CISD guidance on selection and application.
Closed-circuit television systems (CCTVs) televise scenes that are broadcast only to selected receivers for surveillance and assessment purposes. CCTVs can also serve as a psychological deterrent and, when linked to a video recorder, serve as an aid in investigating incidents of unauthorized access. CCTVs can be used to improve guard effectiveness by extending their range of view and to assess the need for an immediate response to an alarm. Alternate measures are to be available if the CCTV is out of service.
Interior access controls
In some circumstances, access controls and procedures may have to be established within a facility to control and record entry to certain security or high-security zones.
- Care must be taken to ensure that common service spaces cannot be used to circumvent the physical security system. Circulation routes should be located to prevent the unauthorized viewing or hearing of protected or classified information. Common service facilities such as general-use photocopiers should not be located in security or high-security zones.
- Public access service spaces, such as washrooms and cloakrooms, are to be located outside of secure spaces.
404. Security of recorded information
- Collection of personnel information
- Secure environment for the handling of protected and classified information and assets
- Effective use of restricted zones
- Handling and safeguarding of protected and classified information and assets
Collection of personnel information
- Due to its sensitivity, personnel security screening documentation containing personal information should not be retained in the organization's general personnel files, but rather in a separate security file and safeguarded as protected in accordance with Chapter 5: Handling and safeguarding of classified and protected information and assets of this manual. Completed personnel security clearance questionnaires pending transmittal to CISD, as well as any adverse information regarding the individual, should be afforded an enhanced level of protection, normally at the Protected B level.
- Contracts for statistical studies or surveys involving confidentiality, or other contracts for the collection of personnel information, will contain specific protection provisions to be observed by the contractor.
Secure environment for the handling of protected and classified information and assets
- Secret and Top Secret information and assets must be processed, stored and destroyed in a security zone unless a threat and risk analysis recommends a higher level of security zone.
- Confidential information and assets must be processed, stored and destroyed in an operations zone.
- Protected A and Protected B information and assets should be processed, stored and destroyed in an operations zone.
- Protected C information and assets should be processed, stored and destroyed in a security zone or, if recommended in a threat and risk analysis, in a higher security zone.
Effective use of restricted zones
In an open office environment, the effective use of restricted zones depends on the implementation of appropriate security procedures, which include:
- respecting the need-to-know principle and respecting zone perimeters
- escorting visitors
- securing protected and classified information and assets when leaving the work area
- using precautions when discussing protected or classified information
- locating equipment such as containers and shredders, where they can be used without leaving protected and classified information and assets unattended
- preparing and handling Protected C information and assets in a security zone or, if recommended in a threat and risk analysis, in a higher security zone
Handling and safeguarding of protected and classified information and assets
Consult Chapter 5: Handling and safeguarding of classified and protected information and assets of this manual for special requirements relating to:
- records office security
- mailroom security
- keys for containers
- removal and transport
405. Security of assets
- Organizations are responsible for determining and, subsequently, managing the risk to the security of all protected and classified assets under their control. They must document and implement an asset security system that:
- identifies management and employee responsibilities
- determines assets requiring safeguards
- establishes procedures for maintaining an inventory, for reporting and dealing with security incidents and for maintaining a threat and risk assessment
- details proper personnel and physical security measures
- Protected and classified assets should be listed with their location, the type of safeguards that may apply and the name of their custodian. Custodians should be assigned responsibility areas and report anything they consider detrimental to the safekeeping of the asset. Procedures should require that all instances of damage to assets and of confirmed missing assets are reported to the company security officer (CSO) as soon as possible.
- Date modified: