16. Build it Secure
Poor or insufficient attention to security at the design and build stage can pose a significant risk to data, information and people once the build is completed and operational. Getting protective security right at the design and planning stage is critical.
When designing and planning, consider ‘layering’ your security i.e. combining layers of protective measures that would limit and deter hostile activity. Layering could include perimeter controls and guarding; building design features, and limiting, screening or otherwise controlling access.
Security managers should also ensure that physical barriers and surveillance equipment are tested and updated regularly, and are fit for their specific purpose. Questions you should seek to address:
- Are holistic and layered physical security measures in place to protect your assets?
- Are these measures at the appropriate test and installation standards?
- Who owns build security at senior level? Are there effective reporting lines between security managers and executive level?
- How regularly are build security systems inspected, tested and updated?
A range of CPNI guidance is available to help you address the questions above:
- Physical Security - guidance and advice pages of the CPNI website
- Building Information Modelling – guidance on designing in for security and information sharing
- Operational Requirements – guidance on approach to security requirements and making the business case.