The physical security risk analysis is the basis for adopting the security measures of the objectives, goods and values provided by law, transposed in the surveillance plan and the project for the alarm system. The physical security risk analysis is materialized through the documentation prepared within the standardized risk management process, which dynamically determines the necessary and applicable measures to classify the security risks at acceptable levels.
Physical security risk analysis consists in establishing the consequences and probabilities for the identified risk events, taking into account the presence (or absence) and effectiveness of any means of control. Their consequences and probabilities are then combined to determine a level of risk.
GD 301/2012 stipulates that the adoption of security measures for the objectives belonging as appropriate to ministries and other specialized bodies of central and local public administration, autonomous utilities, national companies and societies, national research and development institutes, companies, regardless of the nature of share capital, must organize its security measures on the basis of such a risk analysis. The documentation on the risk analysis includes:
- the assessment and treatment of the physical security risks report;
- evaluation grid, specific to the object of activity;
- underlying documents.
The assessment and treatment of the physical security risks report includes:
- the nomination of the unit, its object of activity and the purpose of the assessment;
- geographical location of the unit, neighborhoods, access roads, other external factors with impact on the activity of the unit;
- the internal organizational framework, policies and responsibilities regarding the physical security of the beneficiary unit;
- the sources of risk to physical security, the areas of impact, the events produced and the causes of the risks identified for the assessed unit, as well as the potential consequences on the persons and the activity;
- analysis of identified risks;
- estimating physical security risks;
- establishing the requirements, measures and security mechanisms for the system to be implemented, regarding the structural, technical, technological and operational aspects;
- estimating security costs, depending on the proposed security measures and the level of risk assumed;
- the conclusions of the report, which propose one or more risk management options in order to fall within the acceptable range of physical security risk, specifically mentioning the sizing of the security device, areas or points controlled by electronic means of video surveillance, burglary, access control and alarm, mechanophysical protection elements, as well as other measures.