Lesson 5

PHYSICAL SECURITY

Define Physical Security

- Physical Security measures are being used to defend, protect and monitor property rights and
assets. The measures consist of barriers and devices that would deter, impede and prevent
unauthorized access to equipment, facilities, material and document and to safeguard against
espionage, sabotage, damage and theft.
- Physical security has the important elements:
a) The obstacles, to frustrate trivial attackers.
b) Alarms, security lighting, security guard patrols, closed-circuit television cameras to make it like
that attacks will be noticed; and
c) Security responses, to repel, catch or frustrate attackers when an attack is detected.

Physical Security is a system of barriers placed between the potential intruders and the matter to be
protected.
Physical Controls:
 Discourage undermined intruders
 Offers psychological deterrents
 Delay determined intruders
 Provide security in depth
Physical control example includes:
 Fences and other barriers, locks, windows and doors bars
 Electronic Alarms, protective lighting, safes vaults and signs.

Four Layers of Physical Security:

1. Environment Design – the initial layer of security for a campus, building, office or physical space use
environment design to deter threats. Some of the most common examples are also the most basic
barbed wire, warning signs and fencing concrete, metal barriers, vehicle height-restriction, site
lighting.
2. Mechanical and Electronic Access Control – includes gates, doors and locks. Key control of the locks
becomes a problem with large user populations and any user turnover. Keys quickly become
unmanageable forcing the adoption of electronic access control.
3. Intrusion detection – monitors for attacks. It is less a preventive measure and more of a response
measure. Although some would argue that it is a deterrent. Intrusion detection has a high incidence
of false alarms.
4. Video monitoring – are some useful for incident verification and historical analysis. For instance, if
alarms are being generated and there is a camera place, the camera could be viewed to verify the
alarms. In instances when an attack has already occurred and a camera is in place at the point of
attack, the recorded video can be reviewed.

Three Lines of Physical Defense

1. First Line of Defense – includes perimeter fence or barrier
2. Second line of Defense – include doors, floors, windows, walls, roofs, and grills and other entries to
the buildings.
3. Third line of Defense – include storage systems like steel cabinet, safe vaults and interior files

Principle involved in Physical Security

1. The type of access necessary will depend upon a number of variable factors and therefore
may be achieved in a number of ways.
 2. There is no impenetrable barrier
3. Defense in dept is barriers after barriers
4. Delay is provided against surreptitious and non-surreptitious entry.
5. Each installation is different

Define Barrier
- Barrier can be defined as any structure of physical device capable of restricting, deterring, delaying
of illegal access to an installation.

Purposes in the use of Barrier:

a) Define the physical limits of an area;
b) Create a physical and psychological deterrent to unauthorized entry;
c) Prevent penetration therein or delay intrusion, thus, facilitating apprehension of intruders;
d) Assist in more efficient and economical employment of guards and
e) Facilitate and improve the control and vehicular traffic.

Type of Barriers
1. Natural Barriers – it includes bodies of waters, mountains, marshes, ravines, deserts or other
terrain that are difficult to traverse.
2. Structural Barriers – these are features constructed by man regardless of their original intent that
tends to delay the intruder. Examples are walls, doors, windows, locks, fences, safe, cabinets or
containers, etc.
3. Human Barriers – person being used in providing a guarding system or by the nature of their
employment and location, fulfill security functions. Examples are guards, office personnel, shop
workers, etc.
4. Animal Barriers – animals are used in partially providing a guarding system. Dogs are usually trained
and utilized to serve as guard dogs. German shepherds are best suited for security functions, Goose
and turkeys could be also included.
5. Energy Barriers – it is the employment of mechanical, electrical energy imposes a deterrent to entry
by the potential intruder or to provide warning to guard personnel. These are protective lighting,
alarm system and any electronic devices used as barriers.

Purpose of Perimeter Security

- The main purpose of perimeter barrier is to deny or impede access or exit of unauthorized person.
Basically, it is the first line of defense of an installation. This is maybe in the form of defenses,
building walls or even bodies of water. The function and location of the facility itself usually
determine the perimeter of the installation. If the facility is located in a city whereby the building or
enterprise occupies all the area where it is located, the perimeter may be the walls of the building
itself.

Note: most of the Industrial Companies are required to have a wide space for warehousing, manufacturing, etc.

Type of Perimeter Barriers

1. Fences
2. Walls
3. Bodies of Water

Fence is a freestanding structure designed to restrict or prevent across a boundary.

Type of Fences
 1. Solid Fence – constructed in such a way that visual access through the fence is denied. Its
advantage is that it denies the opportunity for the intruder to become familiar with the personnel,
activities and the time scheduled of the movements of the guards in the installation. On the other
hand, it prevents the guards from observing the areas around the installation and it creates shadow
that may be used by the intruder for cover and concealment.
2. Full-View Fence – it is constructed in such a way that visual access is permitted through the fence.
Its advantages are that it allows the roving patrols and stationary guard to keep the surrounding
area of the installation under observation. On the other hand, it allows the intruder to become
familiar with the movements and time schedule of the guard patrols thereby allowing him to pick
the time that is advantageous on his part.

Type of Full-View Fence

1. Chain link fence
 It must be constructed of 7 feet material excluding top guard.
 It must be of 9 gauges or heavier.
 The opening is not to be larger than 2 inches per side.
 It should be twisted and barbed salvage at top and bottom.
 It must be securely fastened to rigid metal or reinforced concrete.
 It must reach within 2 inches of hard ground or paving.
 On soft ground, it must reach below surface deep enough to compensate for shifting soil or sand.

2. Barbed wire fence

 Standard barbed wire is twisted, double-strand, 12-gauge wire with 4 point barbs spaces in an equal
distance apart.
 Barbed wire fencing should not be less than 7 feet high excluding top guard.
 Barbed wire fencing must be firmly affixed to posts not more than 6 feet apart.

Note: the distance between strands must not exceed 6 inches at least one wire will be interlaced vertically and
midway between posts.

3. Concertina wire fence

 Standard concertina barbed wire is commercially manufactured wire coil of high strength steel barbed
wire clipped together at intervals to form a cylinder.
 Opened concertina wire is 50 feet long and 3 feet in diameter.

Perimeter Barrier Opening

1. Gates and Doors – when not in use and controlled by guards, gates and doors in the perimeter
should be locked and frequently inspected by guards. Locks should be changed from time to time
and should be covered under protective locks and key control.
2. Side-walk-elevators – these provide access to areas within the perimeter barrier and should be
locked and guarded.
3. Utilities Opening – sewers, air intakes, exhaust tunnels and other utility openings which penetrate
the barrier and which have cross sectional areas of 96 square inches or more should be protected
by the guards.
4. Clear Zones – an obstructed area or a “clear zone” should be maintained on both sides of the
perimeter barrier. A clear zone of 20 feet or more is desirable between the barriers and exterior
structures and natural covers that may provide concealment for assistance to a person seeking
unauthorized entry.

Additional Protective Measures

 1. Top Guard – additional overhang of barbed wire placed on vertical perimeter fences upward and
outward with a 45 degree angle with 3 to 4 strands of barbed wires spaced 6 inches apart. This
increases the protective height and prevents easy access.
2. Guard Control Stations – this is normally provided at main perimeter entrances to secure areas
located out—of-doors, and manned by guards on full-time basis. Sentry station should be near a
perimeter for surveillance at the entrance.
3. Tower Guard – this is house-like structure above the perimeter barriers. The higher the tower, the
more visibility it provides. It gives psychological unswerving effect to violators by and large guard
towers, whether permanent or temporary must have a corresponding support force in the event of
need. Towers as well as guard control stations should have telephones, intercoms and if possible
two-way radios connected to security headquarters or office to call for reserves in the event of
need.
4. Barrier Maintenance – fencing barriers and protective walls should always be regularly inspected by
security. Any sign or attempts to break in should be reported for investigation. Destruction of fence
or sections thereof should be repaired immediately.
5. Protection in Depth – in large open areas or ground where fencing or walling is conspicuously
placed. The depth itself is protection reduction of access roads and sufficient notices to warn
intruders should be done. Use of animals, as guards and intrusion device, an also be good as
barriers.
6. Signs and Notices – “control Signs” should be erected where necessary in the management of
unauthorized ingress to preclude accidental entry. Sign should be plainly visible and legible from
any approach and in an understood language or dialect.

Protecting Lighting
- Lighting can provide improve protection for people and facilities is as old as civilization. Protective
lighting is the single most cost-effective deterrent to crime because it creates a psychological
deterrent to the intruders.

Purpose of Protecting Lighting

1. It provides sufficient illumination to the areas during hours of darkness.
2. Lighting can help improve visibility so that intruder can be seen and identified and, if possible,
apprehended.
3. It serves as deterrent to would be thieves.

Types of Protective Lighting

1. Continuous lighting – the most familiar type of outdoor security lighting, this is designed to provide
the specific results; glare projection or controlled lighting. It consists of a series of fixed luminaries
at range to flood a given area continuously during the hours of darkness.
2. Standby lighting – is designed for reserve or standby use or to supplement continuous systems. A
standby system can be most useful to selectively light a particular in an occasional basis.
3. Movable or Portable lighting – this system is manually operated and is usually made up of movable
search or floodlights that can be located in selected or special locations which will require lighting
only for short period of time.
4. Emergency lighting – this system is used in times of power failure or other emergencies when other
systems are inoperative.

General Types of lighting Sources

1. Incandescent lamp – it is the least expensive in terms of energy consumed and has the advantage
of providing instant illumination when the switch is on.
 2. Mercury vapor lamp – it is considered more efficient that the incandescent and used widespread in
exterior lighting. This emits a purplish white color caused by an electric current passing through a
tube of conducting and luminous gas.
3. Metal Halide – it has similar physical appearance of higher mercury vapor but provides a light
source of higher luminous efficiency and better color rendition.
4. Fluorescent – this provides good color rendition, high lamp efficiency as well as long life. However,
it cannot project light over long distance and thus are not desirable as flood type lights.
5. High-pressure sodium vapor – this has gained acceptance for exterior lighting of parking areas,
roadways, building and commercial interiors installations. Constructed on the same principle as
mercury vapor lamps, they emit a golden white to light pink color and this provide high lumen
efficiency and relatively good color rendition.

Type of Lighting Equipment

1. Floodlights – these can be used to accommodate most outdoor security lighting needs, including
the illumination of boundaries, fences and building and for the emphasis of vital areas or particular
buildings.
2. Street lights – these are lighting equipment received the most widespread notoriety for its value in
reducing crime.
3. Search lights – these are highly focused incandescent lamp and are designed to pinpoint potential
trouble spots.
4. Fresnel lights – these are wide beam units, primary used to extent the illumination in long,
horizontal strips to protect the approaches to the perimeter barrier. Fresnel projects a narrow,
horizontal beam that is the degrees in the horizontal and from 15 to 30 degree in the vertical plane.

Protective Lighting Requirements

1. Protective lighting needs at installation and facilities depend on each situation and the areas to be
protected. Each situation requires careful study to provide the best visibility practicable for security
duties identification of badges and people at gate inspection of vehicles, prevention of illegal entry
and detection of intruders and inspection of unusual or suspicious circumstances.
2. When such lighting provisions are impractical, additional security posts, patrols, sentry dog patrols
or other security means will be necessary.
3. Protective lighting should not be use as a psychological deterrent only. It should be used on a
perimeter fence line only where the perimeter fence is under continuous or periodic observation.
4. Protective lighting may be desirable for those sensitive areas or structures within the perimeter,
which are under specific observation. Such areas include vital buildings, storage, and vulnerable
control points in communication, power and water distribution system. In interior areas where
night operations are conducted, adequate lighting or the areas facilities detection of unauthorized
persons approaching or attempting malicious acts within the area.
General Considerations in Protective lighting:
1. The determination of lighting needs must be dependent upon the threat perimeter extremities.
2. Protective lighting must be designed to discourage unauthorized entry and to facilitate detection of
intruders approaching or attempting to gain entry into protected areas.
3. The protective lighting must be continuously operates during periods of reduced visibility and that
standby lighting is maintained and periodically tested for use during times of emergency and
mobilization alerts.
4. Cleaning and replacement of lamps and luminaries, particularly with respect to costs and means
required and available.
5. The effects of local weather conditions may be a problem in cases where fluorescent units are used.
6. Fluctuating or erratic voltages in the primary power sources.
 7. Requirements for grounding of fixtures and the use of common ground on an entire to provide a
stable ground potential.

Areas to be lighted:
a) Perimeter fence
b) Building face perimeter
c) Pedestrian and vehicle entrance
d) Parking area
e) Storage, large opened working areas, piers, docks and other sensitive areas.

Protective Alarms and Communication System

- Protective alarm is one of the important barriers in security. It assists the security in detecting,
impeding or deterring potential security threat in the installation. Basically, its function is to alert
the security personnel for any attempt of into a protected area, building or compound. Once an
intruder tampers the circuitry, the beam or radiated waves of the alarm system. It will activate an
alarm signal.

Note: The use of communication equipment in the installation helps security in upgrading its operational
efficiency and effectiveness.

Three Basic Parts of Alarm System

1. Sensor or trigger device – it emits the aural or visual signals or both
2. Transmission line – a circuit which transmit the message to the signaling apparatus.
3. Annunciator – it is the signaling system that activates the alarm.

Type of Protective Alarm System

1. Central Station System – a type of alarm where the control station is located outside the plant or
installation. When the alarm is sounded or actuated by subscriber, the central station notifies the
police and other public safety agencies.
2. Propriety system – centralized monitor of the propriety alarm system is located in the industrial
form itself with a duly operator. In case of alarm, the duty operator calls whatever is the primary
need; fire-fighters, police, an ambulance or a bomb disposal unit.
3. Local Alarm – this system consist of ringing up a visual or audible alarm near the object to be
protected. When an intruder tries to pry a window, the alarm thereat goes off.
4. Auxiliary alarm – company-owned alarm systems with a unit in the nearest police station so that in
case of need, direct call is possible. The company maintains the equipment and lines both for the
company and those in the police, fire and other landlines or cell phones can avail of the auxiliary
system.

Kinds of Alarms
1. Audio Detection Device – it will detect any sound caused by attempted force entry. A supersonic
microphone speaker sensor is installed in walls, ceiling and floors of the protected area.
2. Vibration Detection Device – it will detect any vibration caused by attempted force entry. A
vibration sensitive sensor is attached to walls, ceilings or floors of the protected area.
3. Metallic foil or wire – it will detect any action that moves the foil or wire. An electricity charge strips
of tinfoil or wire is used in the doors, windows or glass surfaces of the protected area.
4. Laser Beam Alarm – a laser emitter floods a wall or fencing with a beam so that this beam is
disturbed by a physical object, an alarm is activated.
5. Photoelectric or Electric Eye Device – an invisible/visible beam is emitted and when this is disturbed
or when an intruder breaks contact with the beam, it will activate the alarm.
Utilization of Alarm Devices
a) Nature of the area or installation
b) Criticality of the area or complex
c) Vulnerability of the area or complex
d) Accessibility
e) Construction and type of building
f) Hours of normal operation
g) Availability of other type or protection
h) Initial and recurring cost of installed alarm system
i) Design and salvage value of desired equipment
j) Response time of the security force and local police
k) Saving in manpower and money for a period of time if alarm is used.

Desirable Characteristics of Alarm System

1. A detection unit initiate the alarm upon intrusion of a human being in the area or vicinity upon
intrusion of a human being in the area or vicinity to the protected area or object.
2. Panel board central annunciator operating console monitoring activities should be manned at all
times.
3. An annunciaotr console indicating the audible and/or aural signal and the specific location of
incident so that proper action can be made by security and other units.
4. Fail-safe features which give alarm in the annunciator when something is wrong with the system.
5. System should be difficult to tamper or render ineffective by outsiders, competitors or saboteurs.

Summed-up on Protective Alarm Device

a) Alarm devices are physical safeguards used to assist security but not a replacement in the
protection of assets and lives in the installation.
b) It assists the guards to extend their hearing and vision even in areas where they are not physically
present.
c) The alarm system whether a local, a central propriety or an auxiliary type are to inform the guard
either visually or aurally of an attempt or a break-in within the premises being protected.
d) Maintenance of alarm system must be regularly made, the signal line must protect and there must
be alternate source of power.
e) New and improve intrusion hardwired are being developed and placed in the market but again, the
human guard is irreplaceable in spite of computerization and the arrival of upper sophisticated
devices in security alarm systems.

Communications System in Security

- Regular communication facility of a plant is not adequate for protective security purposes. Security
needs a special communication system that will vary in size, type, nomenclature and cost
commensurate with the importance, vulnerability, size, location, radio propagation, and other
factors affecting the security of the installation.

Equipment Used in Communication:

a) Local telephone exchange
b) Commercial telephone service
c) Intercommunication
d) Two-ways radios
e) Paging and recall systems
f) Bullhorns or megaphones
 g) Amplifier or loud speaker systems
h) Cellular or mobile phones

Protective Locks and Key System

- Lock is one of the most widely used physical security devices in the asset protection program of an
installation. It complements other physical safeguards of the installation against any possible
surreptitious entry. However, the owner of the installation or his security officer needs to
understand the weaknesses and strength of each type of locks including the doors, window or walls
to be used to achieve maximum benefit from the application. This is because highly skilled burglars
more often concentrate in the lock and its surroundings mechanism in order to make forcible entry.
It is for this obvious reasons that locks and considered as delaying devices which cannot really stop
a determine intruder from destroying the lock just to launch an attack.

Lock Defined
- A lock is defined as a mechanical, electrical, hydraulic or electronic device designed to prevent
entry into a building, room, container or hiding place.

Types of Locks:
1. Key-operated mechanical lock – it uses some sort of arrangement of internal physical barriers
(wards tumblers) which prevent the lock from operating unless they are properly aligned. The key is
the device used to align these internal barriers so that the lock may be operated.
Three (3) Types of Key-Operated Lock:
 Disc or Wafer tumbler mechanism
 Pin tumbler mechanism
 Lever tumbler mechanism
2. Padlock – a portable and detachable lock having a sliding hasp which passes through a staple ring
and is then made fasten or secured.
3. Combination lock – instead of using the key to align the tumblers, the combination mechanism uses
numbers, letters or other symbols as reference point which enables an operator to align them
manually.
4. Code-operated lock – a type of lock that can be opened by pressing a series of numbered button in
the proper sequence.
5. Electrical lock – a type of lock that can be opened and closed remotely by electrical means.
6. Card-operated lock – a type of lock operated by a coded card.

Key Defined
- A key is a device which is used to open a door. A key consist of two parts: the BLADE, which is
inserted into the lock and the BOW, left protruding so that torque can be applied. The blade of a
key is normally designed to open one specific lock, although master keys are designed to open sets
of similar locks.

Type of Keys
a) Change Key – Is specific key, which operates the lock and has a particular combination of cuts which
match the arrangement of the tumblers in the lock.
b) Sub-master Key – a key that will open all the lock within a particular area or grouping in a given
facility.
c) Master Key – a special key capable of opening a series of lock.
d) Grand Master Key – a key that will open everything in a system involving two or more master key
groups.
Effective Key Control:
a) Key cabinet -a well-constructed cabinet will have to be procured. The cabinet will have to be
sufficient size to hold the original key to every lock in the system. It should be secured at all times.
b) Key record – some administration means must be set-up to record code numbers and indicates to
whom keys to specific locks have been issued.
c) Inventories – periodic inventories will have to be made of all duplicate and original keys in the
hands of the employees whom they have issued.
d) Audits – in addition to periodic inventory, an unannounced audit should be made of all key control
records and procedures by a member of management.
e) Daily report – a daily report should be made to the person responsible for key control from the
personnel department indicating all persons who have left or will be leaving the company. In the
event that a key has been issued, steps should be initiated to insure that the key is recovered.

Security Cabinet
- The final line of defense at any facility is in the high security storage where papers, records, plan or
cashable, instrument, precious metals or other especially valuable assets are protected. These
security containers will be of a size and quantity, which the nature of the business dictates.
In protecting property, it is essential to recognize that protective containers are
designed to secure against burglary or fire. Each type of equipment has a specialized function and it
will depend the owner of the facility which type has is going to use.

Three (3) type of Security Cabinet

1. Safe – a metallic container used for the safekeeping of documents or small items in an office or installation.
Safe can be classified as either robbery or burglary resistance depending upon the use and need.
 Its weight must be at least 750 lbs, and should be anchored to a building structure.
 Its body should at least one inch thick steel
2. Vault – heavily constructed fire and burglar resistance container usually a part of the building structure
used to keep and protect each, documents and negotiable instruments. Vaults are bigger than safe but
smaller than a file room.
 The vault door should be made of steel at least 6 inches in thickness.
 The vault walls, ceiling, floor reinforce concrete at least 12 inches in thickness.
 The vault must be resistive up to 6 hours.
3. File Room – a cubicle in a building constructed a little lighter than a vault but of bigger size to accommodate
limited people to work on the records inside.
 The file room should at most be 12 feet high.
 It must have a watertight door and at least fire proof for one hour.

Personnel Identification and Movement Control

- In every installation the use of protective barriers, security lighting, communication and electronic
hardware provides physical safeguards but these are insufficient to maximize the effort of the guard
force.
The most practical and generally accepted system of personnel identification is the use of
identification cards, badges or passes. Generally speaking, this system designates when and where and
how identification cards should be displayed and to whom. This helps security personnel eliminate the
risk of allowing the access of unauthorized personnel within the establishments.

Types of Personnel Identification

a) Personal Recognition
b) Artificial Recognition – identification cards, passes, and passwords.
Use of Pass System
1. Single pass system – the badge or pass coded for authorization to enter specific areas is issued to
an employee who keeps it in his possession until his authorization is terminates.
2. Pass exchange system – an exchange takes place at the entrance of each controlled area. Upon
leaving the personnel surrenders his badge or passes and retrieve back his basic identification.
3. Multiple pass system – this provides an extra measure of security by requiring that an exchange
take place at the entrance of each restricted area.

Badge and Pass Control

a) The system should have a complete record of all badges and identification cards issued. Return,
mutilated or lost by serial number and cross-indexed alphabetically.
b) The supervisor from time to time for its accuracy and authenticity should checks the lists.
c) Passes and badges reported lost should be validated and security at entrance be informed through
conspicuous posting.
Visitors Movement Control
a) Visitors Logbook – all visitors to any facility should be required to identify themselves and should be
given a visitor’s ID by the security. Visitor’s logbook should be filled up with the named of visitors
nature and duration of visit.
b) Photograph – taking of photograph should also be considered. Extreme caution must be exercise in
areas where classifies information is displayed to preclude unauthorized taking of pictures of the
installation. If a visitor has camera and it is prohibited to take picture, said camera should be left in
the care of security with corresponding receipt.
c) Escort – if possible visitors should be escorted by the security to monitor their activity within the
establishment and guide them where to go.
d) Visitor entrances – separate access for visitors and employees of the establishment should be
provided.
e) Time –traveled – if there is a long delay or time lapse between the departure and arrival, the
visitors may be required to show for the delay.

Package Control Movement

1) No packages shall be authorized to be brought inside the industrial installation, offices and work
area without proper authority. This basic precept help reduce if not eliminate pilferage, industrial
espionage or sabotage.
2) Outgoing package carried by personnel should be closely inspected and those in vehicles should
also be checked as many pilfered items are hidden in the surface of the vehicles leaving the
compound.
3) Any personnel/visitor entering the installation with a package should deposit the same to the
security and in return receives a numbered tag, which he/she will use in claiming his/her package
upon departing.

Vehicles Movement Control and Identification

1. Privately owned vehicle of personnel/visitor should be registered and are subject to the
identification and administrative procedure.
2. Vehicle should be subjected for search at the entrance and exit of the installation.
3. All visitors with vehicle should provide the security of the complete details of their duration to visit
or person to be visit and other information.
4. All vehicles of visitors should be given a sign/sticker to be placed on the windshield.
5. Traffic warning signs should be installed in all entrance.
6. Security personnel must constantly supervise parking areas and make frequent spots searches of
vehicles found there.
Building Access Control
- At any physical barrier, a security system must possess the ability to distinguish among
authorized persons, unauthorized visitors and other unauthorized persons. This is to assist the security
personnel protects sensitive are and information within the installation.
Appropriate warning signs should be posted at the building perimeter. Special restricted entry facilities
to public access should be provided. This will be dependent on the degree of security needed for the protection
of property, activity and other processes within the building.
The access to the restricted area shall be limited to authorize personnel who have the direct
involvement with the installation, construction and operation and maintenance of the equipment and systems
and/or use of the materials contained within the restricted area. A clear-cut policy on the access control should
be disseminated to all personnel of the installation.

Lesson 6
Document or Information Security

Document Security
- It is the protector of records from its entire document life cycle. It also connotes in this context the
safeguarding classified matters.
- In government view, document and information is based on the premises that the government has
the right and duties to protect official papers from unauthorized and improper disclosure.

Standard Rule of Document Security

1. The authority and responsibility for the preparation and classification of classified matter rest
exclusively with the originating office.
2. Classified matter should classify according to their content and not to the file in which they are held
or of another document to which they refer, except radiograms or telegrams referring to previously
classified radiograms or telegram.
3. Classification should be made as soon as possible by placing the appropriate marks of the matter to
be classified.
4. Each individual whose duties allow access to classified matter, or each individual who possesses
knowledge of classified matter while it is in his possession and shall insure that dissemination of
such classified matter is on the “need-to-know” basis and to properly cleared persons only.

Documents Security System

- Document Security system is that aspect of security which involves the application of security
measures for the proper protection and safeguarding of classified information.
Classified categories is official matter which requires protection in the interest of
national security shall be limited to four categories of classification which in descending order of
importance shall carry one of the following designations:

a) Top Secret, Secret, Confidential and Restricted

In Document and Information Security, a “matter “includes everything, regardless of its
physical character, or in which information is recorded or embodied. Documents, equipment, projects,
books, reports, articles, notes, letters, drawings, sketches, plans, photographs, recordings, machinery,
models, apparatus, devices and all other products or substances fall within the general term “matter”.
Information, which is transmitted orally, is considered “matter” for purposes of security.
 b) Security Clearance – Is the certification by a responsible authority that the person described is cleared
for access to classified matter the appropriate level. Or refers to the administrative determination that
an individual is eligible for access for classified matter.
c) Need to Know – is the principle whereby access to classified matter may only be only given to those
persons to whom it is necessary for the fulfillment of their duties. Persons are not entitled to have
access to classified matter solely by virtue of their status or office. It is a requirement that the
dissemination of classified matters be limited strictly to persons whose official duty requires knowledge
or possession thereof.
d) Certification of Destruction – is the certification by a witnessing officer that the classified matters
describe therein has been disposed of in his presence, approved destruction methods.
e) Classified – refers to assign information by one of the four classification categories.
f) Compromise – means lose of authority, which results from an authorized persons obtaining knowledge
of classified matter.
g) Compartmentalization – is the grant of access to classified matter only to property cleaved persons in
the performance of their official duties.
h) Declassify – is the removal of security classification from classified matter.
i) Reclassify/Re grading – is the act of changing the assigned classification of matter.
j) Up-grading – is the act of assigning to a matter of higher classification to a classified document.

Top Secret Matter Defined

- These are information and material (matters) the unauthorized disclosure of which would
cause exceptionally grave damage to the nation, politically, economically or from a security
aspect. This category is reserve for the nation’s closest secret and is to be used with great
reserve.
Classification Authority
The original classification authority for assignment of TOP SECRET classification rests exclusively with
the head of the department. This power may however, be delegated to authorized offices in instances when the
necessity for such arises. Derivative classification authority for TOP SECRET classification (authority for) may be
granted these officers who are required to give comments or response to a communication that necessitates
TOP-SECRETS response.
Examples of Top Secret Documents;
1 Very important political documents regarding negotiation for major alliances.
2 Major governmental projects such as proposal to adjust the nation’s economy.
3 Military-Police defense class or plans.
4 Capabilities of major successes of Intel services.
4 Compilations of data individually classified as secret or lower but which collectively should
be in a higher grade.
5 Strategies plan documenting overall conduct of war.
6 Intel documents revealing major Intel production effort permitting an evaluation by
recipients of the success and capabilities of Intel documents.
7 Major government project like drastic proposals.

Secret Matter Defined

- These Information and material (matter) the unauthorized disclosure of which would endanger
national security, cause serious injury to the interest or prestige of the nation or of any government
activity or would be of great advantage to a foreign nation.

Classification Authority – same as TOP SECRET matter.

Secret grading is justified if;
1) It materially influences a major aspect of military tactics.
2) It involves a novel principle applicable to existing important projects.
3) It is sufficiently revolutionary to result in a major advance in existing techniques or in the
performance of existing secret weapons.
4) It is liable to compromise some other projects so already graded.

Examples of Secret Documents

1. Those that jeopardize or endanger Intel relations of a nation.
2. Those that compromise defense plans, scientific or technological development.
3. Those that reveal important intelligence operations.
4. War plans or complete plans for future war operations not included in top secret.
5. Documents showing disposition of forces.
6. New designs of aircraft projections, tanks, radar and other devices.
7. Troop movement to operational areas
8. Hotel plans and estimates and
9. Order of battle info.

Confidential Matter Defined

- These are information and material (matter) the unauthorized disclosure of which, while not
endangering the national security, would be prejudicial to the interest or prestige of the nation or
any government activity or would cause administrative embarrassment or unwarranted injury to an
individual or would be or advantage to a foreign nation.

Confidential grading is justified if;

1. It is a more than a routine modification or logical improvement of existing materials and is
sufficiently advanced to result in substantial improvement in the performance of existing
CONFIDENTIAL weapons.
2. It is sufficiently important potentially to make it desirable to postpone knowledge of its value
reaching a foreign nation.
3. It is liable to compromise some other project already so graded.

Classification Authority – any officer is authorized to assign confidential classification to any matter in
the performance of his duties.

Examples of Confidential Documents

1. Plans of government projects such as roads, bridges, building, etc.
2. Routine service reports like operations and exercise of foreign power.
3. Routine intelligence reports.
4. Certain personnel records, staff matters

Restricted Matter Defined

- These are information and material (matter) which requires special protection other than that
determined to be TOP SECRET, SECRET OR CONFIDENTIAL.

Classification Authority – authority to classify shall be the same as for CONFIDENTIAL matter.
Reproduction is authorized. Transmission shall be through the normal dissemination
system.

Control of Classified Matters

 Custody and accounting of classified matter, Head of Departments handling classified matter shall issue
orders designating their respective custodians of classified matter. Custodian shall:
1. Store all classified matter.
2. Maintain a registry of classified matter showing all classified matter received and to whom
transmitted.
3. Maintain current roster of persons authorized access to classified matter for each classification in
the office.
4. Insure physical security for classified matter.
5. Conduct an inventory of all TOP SECRET and SECRET matter by inventory and transmit the same to
his successor.

Unauthorized Keeping of Private Records – All government personnel are prohibited keeping private
records, diaries or papers containing statement of facts or opinions, either official or personal, concerning
matters which are related to or which affects national interest or security. Also prohibited is the collecting of
souvenirs or obtaining for personnel use whatsoever any matter classified in the interest of national security.
Dissemination – Dissemination of classified matter shall be restricted to properly cleared persons
whose official duties required knowledge or possession thereof. Responsibility for the determination of “need
to know” rests upon both each individual who has possession, knowledge or command control of the
information involve and the recipient.

Discussion involving classified matters

1. Indiscreet discussion or conversation involving classified matter shall not be engaged in within the
presence of or with unauthorized persons.
2. Which a lecture, address or information talk to a group includes classified matter; the speaker shall
announce the classification at the beginning and end of the period.
3. All personnel leaving the government service shall be warned against unlawful disclosures of
classified matter.

Disclosures to other departments of classified information originating from another department.

Classified matter originating from another department shall not be disseminating to other departments without
the consent of the originating department.

Release of classified matter outside a department

General Policy, no person in the government shall convey orally visually or by written communication
any classified matter outside his own department unless such disclosures has been processed and cleared by
the department head or his authorized representative.

Release of classified matter to congress

Government personnel, when giving oral testimony to the congressional committee involving classified
matter, shall advice the committee of the classification thereof. Government personnel called upon to testify
shall obtain necessary and prior instruction from his department head concerning disclosure. When
congressional members visit government offices, department heads are authorized to release classified matter
which is deemed and adequate response to an inquiry provided that it is required in the performance of official
functions.

Disclosure to Foreign Government or Nationals

1. Its use shall be closely for the purpose for which the classified matter is requested.
2. It shall be treated or handled in accordance with the classified categories of the originating office.
3. Handling shall be made by security-cleared personnel.
4. Reproduction and dissemination shall not be made without the consent of the department head.
Disclosure of classified matter for publication
Classified matter shall be released for public consumption only upon the consent of the department
head or his authorized representative. However, in instances where there is a demand or need for releasing
classified information, extreme caution must be exercised to analyze in detail contents of the classified matter
before release. Normally, all information is released through Public Information Officers. Public Information
Officers should be assisted in the analysis of classified information by the Security Officer.

Purposes of Protecting Classified Materials

a) Deter and impede potential spy.
b) Assist in security investigations by keeping accurate records of the moments of classified materials.
c) Enforce the use of “need to know” principle.

Categories of Document for Security Purposes:

1. Category A
 Information which contains reportable time, sensitive, order of battle and significant information.
 It should be given priority because it is critical information.
 It must be forwarded without delay.
 It is critical to friendly operations.
 It requires immediate action.
2. Category B
 Anything that contains communications, cryptographic documents or systems that should be classified
as secret and requires special handling.
 Higher authorities should declassify it.
3. Category C
 Other information which contains something that could be an intelligence value.
 Contains exploitable information regardless of its contents.
 Unscreened materials/documents should be categorized as Category C.
4. Category D
 No value, yet lower level will never classify documents as category D.
 No decision must be made at the lower echelon that document has no value. It has the responsibility of
the higher Headquarters.
Rules for classification of Documents
1) Documents shall be classified according to their content.
2) The overall classification of a file or of a group of physically connected therein. Pages, paragraphs,
sections or components thereof may bear different classifications. Documents separated from file
or group shall be handled in accordance with their individual classification.
3) Transmittal of documents or endorsement which do not contain classified information or which
contain information classified lower than that of the preceding element or enclosure shall include a
notation for automatic downgrading.
4) Correspondence, Indexes, receipts, reports of possession, transfer or destruction, catalogs or
accession list shall not be classify if any reference to classified matter does not disclosed classified
information.
5) Classified matter obtained from other department shall retain the same original classification.

Information Security Defined

Information security means protecting information and information systems from
unauthorized access, use, disclosure, disruption, modification or destruction.
The terms information security, computer security and information assurance are frequently
used interchangeably. These fields are interrelated and share the common goals of protecting the
confidentiality, integrity and availability of information; however, there are some subtle differences between
them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of
concentration. Information security is concerned with the confidentiality, integrity and availability of data
regardless of the form the data may take: electronic, print or other forms.
Government, military, financial institution, hospital and private businesses a mass great deal
of confidential information about their employees, customers, products, research and financial status. Most of
the information is now collected, protected and stored to electronic computers and transmitted across
networks to other computers. Should confidential information about the business customers or finances or
new a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting
confidential information is a business requirement and in many cases also an ethical and legal requirement. For
the individual, information security has a significant effect on Privacy, which is viewed very differently in
different cultures.

Protection of Sensitive Information

Proprietary information is information that in some special way relates to the status or activities of the
possessor and over which the possessor asserts ownership. In the business community proprietary information
elates to the structure, products or business methods of the organization. It is usually protected in some way
against caused or general disclosure. All propriety information is confidential, but not all confidential
information is propriety.

Type of Propriety Information

1. Trade Secrets – this consist of any formula, pattern, device or compilation of information which is
used in one’s business and which gives him an opportunity to gain an advantage over competitors
who do not know or use it. It may be a formula for a chemical compound a process of
manufacturing, treating or preserving materials, a pattern for machine or device, or a list of
customers. It differs from other secret information as to single or ephemeral events. A trade secret
is a process or devise for continuous use in the protection of the business.
2. Patents – this is a grant made by the government to an inventor, conveying or securing to him the
exclusive right to make, use or sell his invention for term of years.

Primary Distinction between Patents and Trade Secrets

1. Requirements for obtaining a patent are specific. To qualify for a patent the invention must be more
than novel and useful. It must represent a positive contribution beyond the skill of the average
person.
2. A much lower of novelty is required of a trade secret.
3. A trade secret remains secret as long as it continues to meet trade secret tests while the exclusive
right to patent protection expires after 17 years.

Propriety Information Protection Program

Realizing that the most serious threat to trade secrets is the employee, a measure of protection is often
relies through the use of employee agreement which restrict the employee’s ability to disclose information
without specific authorization to the company the following countermeasures may be adopted:
a. Policy and procedure standards regarding all sensitive information.
b. Pre and post employment screening and review.
c. Non-disclosure agreements from employees, vendors, contractors and visitors.
d. Non-competitive agreements with selected employees.
e. Awareness programs
f. Physical security measures
g. Informed monitoring of routine activities.
Basic Principle of information Security
1. Confidentiality

Confidentiality is a requisite for maintaining the privacy of the people who’s personal information the
organization holds.
Information that is considered to be confidential in nature must only be accessed, used, copied or
disclosed by persons who have been authorized to access, use, copy or disclose the information and then only
when there is a genuine need to access, use, copy or disclose the information. A breach of confidentiality
occurs when information that is considered to be confidential in nature has been or may have been, accessed,
used, copied or disclosed to or by someone who was not authorized to have access to the information.
For example permitting someone to look over your shoulder at your computer screen while you
have confidential data displayed on it would be a breach of confidentiality if they were not authorized to have
the information. Giving out confidential information over the telephone is a breach of confidentiality if the
caller is not authorized to have the information.

2. Integrity
In information security, integrity means that data cannot be created, changed or deleted
without authorization. It also means that data stored in one part of a database system is in agreement with
other related data stored in another part of the database system.
For example a loss of integrity can occurs when a database system is not properly shut down
before maintenance is performed or the database server suddenly loses electrical power. A loss also occurs
when an employee accidentally or with malicious intent, delete’s important data files. A loss of integrity can
occurs if a computer virus released onto the computer.

3. Availability
The concept of availability means that the information, the computing systems used to
process the information and the security controls used to protect the information are all available and
functioning correctly when the information is needed. The opposite of availability is denial service.

Types of Control Information Security

1) Administrative Control – consists of approved written policies, procedures, standards and
guidelines. Administrative control form the framework for running the business and managing people. They
inform people on how the business is to be run and how day to day operations are to be conducted. Laws and
regulations created by government bodies are also a type of administrative control because they inform the
business. Some industry sectors must be followed the Payment Card Industry (PCI), Data Security Standard
requires by Visa and Master Card is such an example. Other examples of administrative controls include the
corporate security policy, password policy, hiring policies and disciplinary policies.
2) Logical Controls (also called technical controls) - use software and data to monitor and
control access to information and computing systems.
Example: passwords, network and host based firewalls, network intrusion detection systems, access
control lists and data encryption are logical controls. An important logical control that is frequently overlooked
is the “principle of least privilege”. The principle of least privilege requires that an individual program or system
process is not granted any more access privileges than are necessary to perform the task. A blatant example of
the failure to adhere to the principle of least privilege is logging into windows as user administrative to read
email and surf the web. Violations of this principle can also occur when an individual collects additional access
privileges over time. This happens when employee job duties change or they are promoted to a new position or
they transfer to another department. The access privileges required by their new duties are frequently added
into their already existing access privileges which may no longer be necessary or appropriate.
3) Physical controls – monitor and control the environment of the work place and computing
facilities. They also monitor and control access to and from such facilities. Examples, doors, locks, hearing and
air conditioning, smoke and fire alarms, fire suppression system and cable locks, etc. Separating the network
and work place into functional areas also called physical control.
An important physical control that is frequently overlooked is the separation of duties.
Separation of duties ensures that an individual can not complete a critical task by himself. Example, an
employee who submits a request for reimbursement should not also be able to authorize payment or print the
check. An applications programmer should not also be the server administrator or the database administrator
these roles and responsibilities must be separated from one another.

Cryptography is Information Security

Cryptography is the practice and study of hiding information. Information security uses cryptography to
transform usable information into a form that renders it unusable by anyone other than an authorized user; this
process is called encryption. Information that has been encrypted can be transformed back into its original
usable form by an authorized user, who possession the cryptographic key, through the process of decryption.
Cryptography is used in information security to protect information from unauthorized
or accidental disclose while the information is in transit (either electronically or physically) and while
information is in storage.
Cryptography provides information security with other useful applications as well including improves
authentication methods, message, digest, digital, signatures, non-repudiation and encrypted network
communications.

Lesson 7
Personnel Security

Personnel Security Defined

- Refers to those practices, technologies and/or services used to ensure that personnel security
safeguards are applied.

Personnel security safeguarding take into account:

1) Granting or withdrawing physical and system access privileges upon; hiring an employee,
transferring an employee to another entity or agency, terminating an employee or which an
employee resigns or changes of duties within an entity or agency.
2) System access will be granted, modified and revoked via a formal and auditable process.
3) Security training to reinforce existing standards.
4) Non-disclosure agreements will be signed by all individuals who need access to
“sensitive/confidential” information, prior to granting access to that information.
5) Background checks of personnel may be required depending on the sensitivity/confidentiality
information accessible to that position.

The term “Auditable Process” refers to specific documentation which can be a manual or an
automated process that provides sufficient evidence that will allow one to trace the events of an action that has
taken place.
“Sensitive Data/Information” refers to critical information for which the unauthorized access, loss,
misuses, modification or improper, disclosure could negatively impact the ability of the entity or agency to
provide services and benefits to its customers.
“Confidential Data/Information” refers to information that involves the privacy to which individuals are
entitled by law. This information may only be disclosed to those individuals that are authorized and have a need
to review the data information.

Some Purposes of Personnel Security

 1. To insure that a firm hires those employees best suited for the firm; and
2. Once hired, to assist in providing the necessary security to these employees while they are carrying
out their functions.

Key Functions of Personnel Security

1. It serves as a screening device in hiring suitable employees.
2. It provides background investigation services of both potential present employees, for possible
assignment to sensitive position.
3. It handles investigation of employees suspected of wrongdoing.
4. It attempts to ensure the protection of employees from discriminatory hiring or terminating
procedures as well as unfounded allegations of illegal or unethical activities and conduct.

Personnel Security Investigation (PSI) Defined

- Is a process of inquiry into the character, reputation, discretion, integrity, morals and loyalty of an
individual to determine the suitability for appointment or access to classified matter?

General Techniques in PSI

1. Background Investigation (BI) – this technique is very expensive but necessary in personnel security. It
serves in verify information on the application form and to obtain other information pertinent to the
decision to employ. It consist of,
 Partial Background Investigation (PBI)
 Complete Background Investigation (CBI)
Every entity should require individuals to complete verification of employment forms for
all prior employees or provide equivalent documentation that contains all information on the
verification of employment forms in a clear and readable format. The following full contact information
for all responsible parties who act to confirm employment verification:
 Components of Complete BI
 Applicant Name
 Organization Membership
 Date of Birth
 Neighborhood Investigation
 Present Residence Address
 Character Reference
 Personal History
 Employment History
 Marital History
 Military History
 Residence History
 Foreign Travel History
 Citizenship
 Criminal Record
 Physical Data
 Credit records
 Educational History
 Applicant’s Signature
 Data of Application
 Local Agency Check
Local Agency Check (LAC) is a BI activity where the sources of information involve only
local agencies in the community such as the local government units.
a) Barangay Clearance
 b) City or Municipal Clearance
c) Local Police Clearance
d) Court Clearance
 National Agency Check
Like the Local Agency Check (LAC), NAC is also a BI activity but the sources of
information involve the national government units.
a) National Bureau of Investigation (NBI) clearance
b) PNP Directorate for Intelligence (DI) clearance
c) Intelligence Service, AFP (ISAFP) clearance
 Positive Vetting
Is the process of inspecting or examining with careful thoroughness? The essence of
vetting that it is a personal; interview conducted under stress. It is based on information is used during
the interview, such as those discovered in the BI, which confirms or denies this given by the applicant.
 Profiling – is the process whereby a subject’s reaction in a future critical situation is predicted by
observing behavior or by interviewing him or analyzing his test. The “Reid Report” is an example of
honesty test.
 Deception Detection Techniques – this is a process of using devices in detecting deception during the
interview stage. This includes the use of a Polygraph, Psychological Stress Evaluator and Void Analyzer.
 Financial and Lifestyle Inquiry – this type of investigation seek to gather information on income and
mode of living, sometimes referred to as the “earning-debt-ratio”.
 Undercover Investigation – this is the placement of an agent in a role in which the agents true identify
and role remains unknown, in order to obtain information for criminal prosecution or for recovery or
limitation of asset losses.
 Exit Interview – this is a valuable tool because it gives departing employees an opportunity to list
grievances. It offers security managers an opportunity to learn of problems not previously known.
Incorporating a checklist of company issued known. Incorporating a checklist of company issued
properly and confronting a departing employee of this has resulted in reducing losses of company
property. Debriefing an employee is also incorporated into the exit interview to remind employee s of
their continuing legal obligation to safeguarding confidential company information.

Security Education Defined

- Security Education is conducted to develop security awareness among employees of the company.
It should cover all employees, regardless of rank or position.
- A seminar type program given to employees of an installation pertaining to protective measure
security procedures, personnel safety and protection of properties threat.

Objectives of Security Education

a) Guidance for all supervisory and executive level of the organization.
b) A mandatory indoctrination on security for all new personnel before their assignment to their
respective jobs.
c) Development of a high degree of security consciousness among the selected supervisors and other
key personnel in a program that should be continuing and supported by top management.
d) A down- the-line security program aimed at instilling consciousness and dedication through
demonstration, lectures, motivations and suggestions.
e) To let all employees force informed that they all belong to the organization and that non-awareness
to the security program is tantamount to disloyalty.
f) That the program is also to develop discipline, loyalty and belonging.

Phases of Security Education Program

 1. Initial Interview – it is the first contact of the prospective employee wherein the interviewer
determine the suitability of the applicant for employment through his give answer on the different
type of question is being conducted. It is in this stage where, the interviewer may start providing
the necessary information as to the overview of company security policies and at the same time on
the employee accountability and corresponding penalties that could result from violation there
from.
2. Orientation and training – it is in this stage where new employees receive detailed presentation of
personnel security policy. Usually handouts or employees manual are being distributed for
reference. New employees also requested to sign acknowledgement that they have been aware of
the existing company policies and will abide the same.
3. Refresher conference – it is design to remind employees of the company about their
responsibilities, review the guidelines and policies, introduction of new policies and regulations and
a moment of getting employees feedback about the company policies what is being implemented.
4. Security Reminder – a phase which employs an indirect approach of educating the employees such
as posting security posters and distributing fliers.
5. Security Promotion – it is the act of emphasizing the importance and role of security achieving the
company goals and objectives. It involves securing employees cooperation and support.

Guidelines in Personnel Security

As to Trustworthiness
a) Physical Qualifications – operators should pass a physical examination administered by a licensed
physician. The examination should be designed to measure the individual’s physical ability to
perform assigned ob duties, as identified in the organization’s job qualification program.
b) Mental Qualification – individuals whose job duties are directly associated with the effective
implementation of the organizations process controls should demonstrate mental alertness and the
capability to exercise good judgment, execute instruction, and assimilate assigned tasks. These
individuals should posses’ acuity of senses and ability of expression sufficient to permit accurate
communication by written, spoken, audible, visible or other signals required by assigned job duties.
Individuals should have no established medical history or medical diagnosis of epilepsy or diabetes
or where such evidence that the condition can be controlled with proper medication so that the
individual will not lapse into a coma or unconscious state while performing assigned job duties.
c) Psychological Qualifications – the entity should be required to evaluate the possible impact of any
noted psychological characteristics that may have a bearing on trustworthiness. Control system
operators should have no emotional instability or affiliations with organizations that pose a threat
to security that would interfere with the effective performance of assigned job duties. This
determination should be made by a licensed psychologist, psychiatrist, physician or any other
person professionally trained to identify emotional instability.
d) Behavioral Observation – the entity should be required to observe individual behavioral changes
which, if left unattended, could lead to acts detrimental to the public health and safety. Individuals
should have no established medical history or medical diagnosis of habitual alcoholism or drug
addiction or when such a condition has existed, the individual should provide certified
documentation of having completed a rehabilitation program that would give a reasonable degree
of confidence that the individual is capable of performing assigned job duties.
e) Voluntary Assessment – the entity give an individual an opportunity to report any information
concerning authorization and security to perform assigned job duties.
f) Continuing Assessment – the entity should arrange for continued observation of individuals and for
appropriate corrective measure by responsible supervisors for indications of emotional instability of
individuals in the course of performing assigned security job duties. Identification of emotional
 instability reported by responsible supervisors should be subject to verification by a licensed,
trained person.

As the Capability:
a) Education and Experiences – individual should be required to possess a high school diploma or pass an
equivalent examination destined to measure basic job-related mathematical, language and reasoning skills
as well as the ability and knowledge required by assigned job duties. Individuals should be required to have
the defined minimum amount of on-the-job experience for each appropriate level of operator certification
required by their assigned job duties.
b) Training – each individual who requires training to perform assigned job task or job duties as identified by
the organization’s operating or contingency plans should, prior to assignment, be trained to perform those
tasks and duties in accordance with the organization’s documented training and qualification plan.
Individuals should be required to have the defined amount of training for each appropriate level of
operator certification.
c) Security Awareness – each individual should receive ongoing employee awareness sessions and training.
The individual’s role in providing protection for the organization should include training in the following
subjects:
 Adversary group operations
 Motivation and objectives of adversary groups
 Tactics and force that might be used by adversary groups to achieve their objectives.
 Recognition of sabotage related devices and equipment that might be used against the organization’s
facility or shipment vehicle.
 Facility security organization and operation.
 Type of physical and cyber security barriers.
 Weapons that might be use by adversary groups to achieve their objectives.
 Lock and key control system barriers.
 Potential vulnerability and consequences of sabotage of a facility.
 Access control system operation
 Contingency response intrusion or attempted intrusion.
 Control system operation after component failure.
 Social engineering, unauthorized inquiries to illicit secure information such as passwords, network
design, process descriptions or schematics.
d) Updates on Current Trends – individuals should be certified before being allowed to operate controls
systems. Certification should require that the individual attain a passing score on an examination that tests
the individuals knowledge of the following topics:
 Calibration
 Loop checking
 Troubleshooting
 Maintenance/Repair
 Project Organization
 Proprietary Systems

Note: examinations consisting of multiple-choice questions and written problems that test the candidates
ability to apply the knowledge and skills required for each subject are recommended.

As to Securing Environment
a) Vulnerability and Risk Assessment – the entity should require a Security Vulnerability Assessment (SVA)
process to assess risks and make decisions about operating risks.
b) Internal Audits – the entity should collect information and periodically evaluate the success of their security
assessment techniques and other mitigation risk control activities. The organization should also evaluate
the effectiveness of its management systems and processes in supporting sound security management
decisions. Examples of items to review:
 Current security and environmental regulations.
 Examinations items for relevancy and validity.
 Compliance and infraction statistics
 Enforcement and management follow-up
 Budget and staffing for the personnel security program
 Training relevancy and currency
 Training relevancy and currency
 Training requirements versus examination performance
 Data management system
 SVA results, accuracy, action items.

Note: keeping detailed record of security incidents help managers should be able to spot trends and assemble
facts that lead to successful investigations. Some security managers use incident management software, which
has graphing, charting, and search functions that can help bring an offense or loss pattern to light and identify
issues of security concern. Incident data is only available for analysis if establish several channels for incident
reporting.
c) External Audits – the entity should require personal security programs that will include ongoing outside
involvement in the revision and operations of the personnel security program. A stakeholder board or
advisory committee is operators, environmental/public health groups, police/security groups, general
public, primary vendors and subcontractors, process control technical assistance providers, organization
managers and trainers.
d) Enforcement – the entity should have the ability to suspend operator certification or take other appropriate
enforcement action for operator misconduct. Examples of an individual’s misconduct include fraud,
falsification of application, gross negligence in operation, incompetence’s.
e) Emergency Plan – organizations emergency plans should require training of key participants to ensure they
have the skills and knowledge to effectively carry out those plans. A training and orientation program for
key responders should be developed and periodically reviewed. Periodic exercises should include scenarios
that include first responders from law enforcement, fire, and state authorities.
Each organization should develop a means to advise and communicate to operator
personnel and others as warranted by the security condition. Organizations should consider a means of
establishing emergency communication and contact information with appropriate agencies. Consider
redundant emergency communications in both the hardware and the means for contacting agencies.
f) Control System Access – control system areas should have personnel gates and/or turnstiles with electronic
or biometric access control system that record ingress and egress to physically secure control system areas
such as motor control centers, server rooms, telecommunications rooms and control system rooms.
The entity should also control access to system areas using physical control such as:
 Sign in logs
 Photo ID Badges
 Key cards and/or number pads
 A close-circuit television system

Organizations should also consider cyber security measures such as:

 Firewalls with effective configurations
 Virus protection with current updates
 Intrusion detection systems.
 Lesson 8
VIP SECURITY

VIP Security meaning

It refers to those measures taken by close protection officers or Agents, security Officers, Law
Enforcement Officers or an Agency/Officers to protect heads of state, foreign, national or local
dignitaries, civilian or military against any personal injury, assassination, sabotage, and espionage.
These may include the protection of any government or civilian officials and individual utilized as
government witnesses.

Role of Close Protection Officers (Bodyguards’)

Bodyguards often have training in firearms tactics, unarmed combat, tactical driving and first
aid. In multi-agents unit like those protecting a head of state, one or more bodyguards mat specialize in
specific tasks, such as providing a protective escort, crowd screening and control.
Bodyguards may also work with other security personnel to conduct threat or risk assessment
and analyze potential security weaknesses.
Bodyguards often examine premises or venue before their clients arrives, to determine where
the exits and entrances are, find potential security weaknesses and meet the staff so that would the
attacker cannot pose as a staff member. As well, some bodyguards do research to be aware of potential
threats to their client, such as a protest by a radical group or the release from custody of person who is a
known threat. While escorting a client, bodyguards have to remain alert so that they are able to react
quickly to threatening situations. In some cases, bodyguards also drive their client, which means that
they have to be aware of suspicious vehicles and prepared to practice evasive driving techniques.
Depending on the laws in a bodyguard’s jurisdiction and on which type of agency or security
service they are in, bodyguards may be armed with a lethal weapon such as a pistol or with a non-lethal
weapon such as stun gun, pepper spray. Agents from government security agencies protecting heads of
state may have a fully automatic machine pistol or mini-submachine gun concealed under their clothing
or in a briefcase. Bodyguards may also wear bullet resistant vest.

Basic Security Principles in VIP Security

Every phase of security must be carefully in advance, to include the importance of the
individual to be protected, political attitude of the population, obstacle involved, means of
transportation and duration of the security mission. Following Some Principles in VIP Security
adopted;
1) The principal must be protected from all hazards and embarrassment whether caused by
personal design, accidents or negligence, and all things that can cause danger to his life.
2) Protection would not interfere with the principal’s freedom of action. Principal should be free
from everything he wants to do.
3) The principal’s privacy should be protected and security should not cause embarrassment.
Personal activities of the principal should be taken into consideration.
4) Protection must not cause embarrassment to the principal nor require the principal to
apologize from his security.
5) To take extent possible, protective personnel must adopt themselves and their measures to
the convenience of the principal.
6) Protection must unnecessarily interfere with official duties of the principal.
 7) It is the responsibility of the protective unit to Anticipate, Recognize, Investigate and
Neutralize.
8) Protective personnel should not:
a. Stand and Fight
b. Take revenge
c. Unduly expose principal to dangerous situation

Central Direction and Unity of Effort

The officer in charge should be given full responsibility for all phases of the security mission.
Close coordination must be established with all local military and civilian authorities. Civilian
authorities will include police and other interested city, municipal or other local officials.
The agencies responsible for each of the security plan must be clearly defined. Arrangements
should be made for local police to control local inhabitants. All available intelligence channels should
be used to obtain information of potential areas, persons or groups.
An advance party must accomplish coordination after the official itinerary is received.
Protective measures must be enough but inconspicuous and afford security without impending the
protectee/VIP’s performance of his functions. The degree of protection is dependent upon the degree of
contact with the public desired by the protectee.
A basic element of VIP/Executive protection is the identification and the elimination of possible
sources of danger of the VIP/Executive before the danger becomes active. Plans for a perimeter of
protection must be surprise proof and flexible enough to allow a quick response to any emergency.

Preventive Intelligence Measures

The main objective, to collect, processes and evaluates information about persons or groups of
persons who may be a danger to the protectee/VIP.
The Methods:
 Security clearance of all employees and all tradesmen who service the Executive/VIP’s
residence, quarters of Office. Security processing of gifts sent to the Executive/VIP.
 Technical inspection against covert listening devices.
 Process communications, letters that in any way indicates anyone may have possible intention
of harming the Executive/VIP.
 Maintain an album of photographs and description of individuals who are regarded as clear
risks to the Executive/VIP, including those who are penal or hospital custody.
 Liaison with other agencies for intelligence information that may come in contact with that
would indicate danger to the protectee/VIP

Defense in Depth Theory

There is no impenetrable barrier. If an unfriendly individual, organization or government can

devote time, money, personnel, material or imagination to passing a barrier he can succeed.
To achieve the ultimate results from a physical security system, it is necessary to add barrier-to-
barrier, delay time, until sufficient delay time has been accumulated to allow control and forcible
penetration.

Contingency Planning
 Security planning should be flexible, wealthy conditions, mechanical failures and failure of
lighting systems is three-ever-present potential hazards. The unexpected arrival of large numbers
visitors, audience or another situation frequently encountered. Last –minute changes in the security
plan or schedule of events occasionally routine. The security plan therefore must be sufficient fluid to
cover these and other eventualities, all of which present hazards.
A Standard Operation Procedure (SOP) format for preparation of a protective plan should
include the following requirements:
 Mission
 Concept of Operation
 Coordination and Liaison
 Itinerary area of interest
 Personnel and equipment requirements
 Cooperation
 Communication
 Logistic support
 Public relation
 Emergency information
 Command and control

The order or procedure is in writing, produced in sufficient copies and duly classified. Only key
Staff officers/personnel with whom coordination is necessary should be given a complete copy. However, all-
protective personnel are given an orientation on the contents of the order and should be familiar with the
whole operation. Each participatory commits to memory the requirements of his specific mission. And for this
reason, these instruction must be simple to understand and easy to execute.
The itinerary and other information pertaining to the travel of the protectee/VIP, which is often
attached as an annex, may under certain conditions, be also classified
Sufficient time must be allowed for dissemination of travel information to permit suitable security
measures to be taken.
The key to successful accomplishment of a security mission is detailed continuous planning a careful
selection, training and use of personnel.

Mission Orientation

An orientation/briefing must be conducted by the officer in charge or the protection plan, during which
he explains fully the contents of the plan.

Conduct of Security Personnel

Police/Security personnel assigned to these duties are selected to the basis of the appearance,
alertness and intelligence, as well as their ability to act quickly and correctly in unforeseen circumstances.
Restriction on the circulation of the individuals should be strictly enforced. Before any person allowed
approaching the protectee, the person is checked carefully for identification and the authority for his presence
is established.

Protective Detail Weapons and Equipment and Vehicle

There is always the danger of accidental discharge and injury of innocent persons when
weapons are carried. All protective personnel must be qualified to fire the weapons with which they are
armed.
 a) Handguns – Revolver and semi-automatic pistol, Revolver is simpler to use, less
likely to malfunction and easier to put into action. Semi-automatic pistol is easier to
conceal has greater fire power and easier to fire once in action.
b) Shoulder Weapon
1) Shotgun – Recommended for defense against assault or vehicular
penetration. 12 gauge pumps best. Noise and fire will shock anyone in
front. Noise of round being loaded may stop aggressive behavior of an
individual or crowd. Alternate round of “OO” buckshot (9) pellets and
rifled slug (1 ounce round) can clear path or stop vehicle as well or better
than any handheld weapon.
2) Sub-machine Gun – Recommended for every motorcade and collected
post. 9mm recommended provided weapon can be concealed and fire semi-
automatically. Shotgun and sub-machine gun should never be placed in the
vicinity of protected principal since assault will be first directed at man
armed with them (biggest danger). Should be placed in rear or on flank to
provided covering fire protection.
c) Other Equipment
1) Extra Ammunition
2) Handcuffs
3) Identification Card
4) Bullet Resistant Vest
d) Detailed Equipment
1) Shot guns
2) Sub-machine Guns
3) Ammunition
4) Bomb Blanket
5) Heavy personnel armor
6) Tear gas
7) First aid equipment
8) Oxygen
9) Stretcher
e) Vehicle
1) Armored limousine for principal
2) Armored limousine for protective personnel

The detail must have and maintain at least two limousines for the principal and two security cars for
themselves. The vehicles should be under twenty-four hour guard and one limousine and one security car
should be positioned always and ready for immediate use. Drivers should be detailed officers and trained with
the details. A large number of kidnapping and assassinations have occurred because of inaction or
inappropriate response on the part of the drivers. An untrained driver doubles the security risk.
Radio – Details for the principal should have exclusive use of the two radio frequencies:
First, for the use of the principal’s inner perimeter group, each man with
portable radio, with hand mike and earplug.
Second, for the use of the principal’s protective posts (counter sniper, checkpoints,
surveillance posts and liaisons with other cooperating units). Each permanent security car
should have a car radio on his frequency, including the principal’s car fitted with earplug
adaptor.
Note: Protection for Chiefs of state and other high level government necessarily are greater in scope than
usually provided for private citizens. Threat levels are generally higher and the result of harm and
embarrassment to the protectee or principal’s is greater, since it may affect the nation as well as the individual
accordingly. The organization with responsibility for protecting those individuals needs high, dedicated, well-
trained professionals supported by grilled specialists within the organization and by other security organization
in the government.
Protective operations need to anticipate and prevent or at least,
limit dangers or embarrassment to the protectee or principals. Since 100% protection is never impossible, the
objective must be to eliminate risks or at least, produce them to an acceptable level. The basic concept in
achieving this objective is a buffer of protection screens around the protectee or principal’s to prevent an attack
or absorb its effect.
The outer screen consists of military security personnel, police personnel and some members of
the protective organization. The inner screen always consists of members of the protective organ

Crowd Control

Protective personnel should understand the principles of crowd control. They should not show
prejudice or sympathy, or become involved in any grievances expressed by the crowd.

Security Preparation in local or foreign travel

a) Advances Preparations
Arranging for time-able/itinerary and coordination with those concerned with visit, local or
foreign law enforcement security men.
Conduct security survey and inspection of routes, quarters, and conference; luncheon and or
inaugural site.
Arrange for security measures for motorcade routes, quarters, conference site. Conference
danger to the executive, such as persons, organizations or obtain copies of photographs and place
these persons under surveillance.
b) Motorcades
Select and consider the best motorcade route preferably the most direct route to
destination. Select a route, which afford a chance to have alternative routes if something happened on
the motorcade route.
Review or dry run the route and take notes on the requirements for controlling the crowd and
traffic and deployment of foot patrolmen and motorcycle police a various positions along the route.
Arrange for police or building custodian to inspect building along the motorcade routes.

Security in Inaugural/Conference/Luncheon Sites

1. Control access to the building/sites
2. Closing off and policing areas around it
3. Securing rooftops and adjoining building
4. Ensure the presence of numerous police officers inside and around the building/site.

Security in VIP Officers/Quarters/Residence

1. “Defense-in-Depths” Barriers- concentric patterns (any attack will have to penetrate layer after
layer of defenders, the heaviest layer of defense, being closest, being closest to the Executive/VIP.
2. Outer ring- sidewalks, stationed in front of quarters/residence/office, covering all entrances, front,
center, side and rear.
3. Middle ring – inside quarters, office/residence, covering all stairways and elevators.
4. Inner ring – immediately outside executive/VIP’s door, or close to Executive/VIP if outside.
Personnel Duty
1. To hold one position no matter what happen outside of his own ring.
2. Be ready to place his own body between the Executive/VIP and any danger to him.
3. Be prepared to intercept a bullet, knife or other weapon with his own flesh.
4. The final defense against an attack on the person of the Executive/VIP (as human shield).

VIP Security Measures in all Areas

1. Establish screening points to allow only authorized person’s access to the protected area/person
and to keep out those who have no valid reasons to enter the same.
2. Duty stations or posts should be marked on a floor/ground plan or sketch/map.
3. If an unusually large crowd are expected along a parade route security men may call on the armed
forces to station troops along the line of marched.
4. If the protectee/VIP travels by train, a pilot angle must run the trucks in advance of the VIP train.
5. Every manhole and sewer along the route should sealed.
6. Every single building and all its occupants along route should be checked.
7. Bellboys, waiter, cook should be cleared.
8. Food to be cooked must be examined and samples sent to laboratory for analysis.
9. Inspect for time-bombs, radio – active materials and fire hazards.
10. Inspect closest and under the tables.
11. Never allow the VIP to stop his car in a crowd if can be avoided.
12. Drivers for the VIP can be competent, reliable, and well trained in protective driving and must be
alert for danger and to take instant action.
13. While walking, it’s necessary to increase the number of guards because the VIP becomes an easy
target.
14. In case the VIP’s going to speak at hasty made stage, its strength and capacity should be inspected
to limit the persons going up to stage.
15. During afternoon sessions, lighting facilities much be checked or installed. It is estimated that the
program may reach up to nighttime.
16. An alternate generator for emergency use is made available if source of electric power is from a
central source. Designate qualified electrician to watch may source or switch.
17. If traveling by air close the door of VIP plane when parked and place constant guards every time.
18. If traveling by watercraft, select boats of type and size capable of facing danger at the ocean.
Thorough inspection is made on the ship and checks the adequacy of lifesavers and emergency
facilities.
19. All non-uniformed men must wear signs of countersigns for identification.
20. Checklist of all security hazards noted in the course of security survey or inspection should be given
the OIC for reference/planning.
21. Security plans and specific duties of men assigned or details must be stated.
22. All written instruction must be classified SECRET.

Threat Analysis and Reaction

1. Concentration do not get loss or be left behind, takes only a second or two (to get killed)
2. Anticipation –anticipate your fellow officer/escort moves you can keep the protective formation
together nice and well coordinated. Because obstacles, obstructions and areas of threats, the
movement of Close-in security/escorts will be spasmodic and spontaneous.
3. Relaxation/Observation –observation should be done in a relaxed manner. Be very attentive but
looking relaxed. One that is nervous, sweating, and fidgety with quick spasmodic movements over
his shoulder very unnerving for everybody, including the protectee/principal. You will stand out for
the entire public to see.
 4. Common sense- most important part. Common sense comes from using your brain, foresight,
experience and good training.
5. Participation within the Team – the Team must train together and understand completely what
their job in and their responsibilities. There will be big gaps in defense if we do not have
participation within the Team.

Other Guidelines for VIP Security

a) Security Formations – assist in allowing the Protectee/VIP to have the best possible protection and
defensible position even for the limited amount of manpower while protectee is mobile/in transit or static.
b) Threat Evaluation – is to ascertain at varying times and functions which will give the best formation
sequence or set. Other considerations are threat levels, type, and advance planning for staff levels.
c) The Need for Close-in/Escort security officers- such as first aid requirements and special weapons and other
logistical needs must be considered. One must have the ability to use a lot of common sense and attention
to detail, to give the possible protection, without overbearing or on top of the protectee/principal. Fully
aware with this information, the close-in/Security Escort team will be well equipped, with an understanding
of their respective position, alternatives and functions. These could be varied hourly, in response to current
threat level and areas of coverage or occasions in any of the following:
 Crowds, restaurants, home, office – public transport, bus, taxi.
 Friends of protectee/principal, business
 Functions: private, public, business
 Huge crowds: a tight-packed area of swirling bodies
 Elevators: opening a door to the unknown, stopping at unknown floors.
 Escalators: progressing into the unknown, turn side on, so that you can see the front at one side and
the area behind you. As you rise with the escalator, you will become level with the floor behind before
giving you something to watch.
 Stairs: give way, standing doors on way
 Doors: cannot see through them, an unknown reality.
 Street light: workmen, doorways, shops you at walking past, hotels or dubs and doorways should
always be covered the protectee/principal walks pass.

Security or Protective Formations

a) Walking Formation – Following symbols is used:
1. Principals …………………(P)
2. Shift Leader ………………(SL) Or Deputy in Charge ……... (DIC
3. Point Man ……………….. (PM)
4. Right Flank Man ….…...(RFM)
5. Left Flank Man ………….(LFM)
6. Tail Man ……………………(TM)

b) Walking formation will be evaluated using four factors;

1. Coverage – the capacity of the formation to observe the area around itself.
2. Passage – the capacity of the formation to adopt and to protect the principal when
dismounting and entering vehicle, passing through windows and stairs.
3. Crowd – the capacity of the formation to move the principal through a crowd
(consider both friendly and hostile crowd).
4. Cover and Evaluation – the capacity of the formation to neutralize.
c) Protective Plan – Suggested format:
Who – is the principal?
What – is the purpose of the visit?
When – will the principal arrive and depart?
 Where – are the places the principal will visit?
How – the principal will be protected?

d) Formations
1) One Agent – This is the simplest formation. The Deputy in Charge (DIC) is
responsible for 360 degree coverage.(Illustration below)

DIC

2) Two Agents – In this formation the Deputy in Charge (DIC) and Advance Deputy
(A) share the responsibility for coverage each his own 180 degree sector.
(Illustration below)

DIC
 3) Diamond Formation – Five security personnel provide protection to the principal in
diamond formation. When the principal goes left, the security personnel
automatically go left while maintaining their position in the formation, in such a
manner that the LFM becomes new the PM; the TM, become LFM; the PM, become
the RFM; and the RFM, now the TM. (Illustration below

PM

P RFM
LFM
DIC

TM

4) Simple Diamond – The advance deputy along with deputies and Shift Leader (SL)
have equal responsibility. While the Deputy in Charge is primarily concerned with
the principals immediate surroundings. Illustration below,

P
 DIC
I SL
5) Mounting and Dismounting in Vehicle

When principal mounts the vehicle intended for him, each security personnel covers the
right and left front of the vehicle facing outward, with their vision scanning their respective
area of responsibility. The DIC shall stay close to the principal, covering him with his body as the
principal boards the car. Once the principal shall have seated the DIC will immediately take the
front seat beside the driver. When the DIC shall have seated the security personnel will take
their respective seats in their own vehicle swiftly.
In dismounting, see illustration below.

O PM

O O

O O

Lesson 9
SECURITY SURVEY AND INSPECTION
Security Survey Defined
- It is an estimate of the security standards of a unit and is conducted to enable the responsible
officer to recognize and evaluate security hazards and determine protective measures
necessary to the prevention of sabotage, espionage, subversive activities and other criminal
acts inimical towards the interest and/or mission of the unit and or command.
Purpose of Security Survey
The security survey will be used by the senior facility manager or industrial planners in
determining the type and extent of security controls. Each type of physical survey will include the
determination of the security level of the facility and a security evaluation which addresses the
criticality of operations, the vulnerability of the facility or area and probability of compromise of the
personnel and property contained therein.
Standard requirement in a Security Survey
1) Criticality – is the effect that partial total loss of the facility or area would have on the facility’s mission.
The adversity of the effect directly related to the criticality factor. Examples of adverse effects include
the interruption of a vital function, disruption of the continuity of operations or the compromise of
national security information. A higher classification level of information handled or stored in a facility
or area will increase the criticality.
2) Vulnerability – is the susceptibility of a facility or area to damage or destruction or the possible theft or
loss of property. Factors used to determine vulnerability include the size, configuration and location of
the facility or area, the local crime rate, and the proximity of law enforcement and emergency response
services.
3) Probability/Risk – deals with an assessment of the chances or risk that certain events could or might
occur such as penetration of the perimeter, compromise of a system or the occurrence of a variety of
unauthorized activities.

Step on Conducting Security Survey

a) Initial Survey – the initial physical security survey is conducted before constructing, leasing,
acquiring, modifying or occupying a facility or area. It describes any modification required to raise the
level of security commensurate with the levels of criticality and vulnerability.
b) Follow-up Survey – when recommendations are made in the initial physical security survey, a follow-up
survey is conducted to ensure the completion of modifications. This survey should be conducted before
acceptance of the property or occupancy.
c) Supplementary Survey – is conducted when changes in the organization, mission, facility or the threat
level of the facility alter or affect the security posture of the facility or area. This survey is conducted at
the discretion of either the facility manager or senior security officer.
d) Special Survey – the special survey is conducted to examine or resolve a specific issue, such as when
there is a request for a Sensitive Compartmented Information (SCI) accredited facility or there is a need
to investigate or assess damage resulting from an incident.

What IS Security Inspection?

It is a check of low well existing security measures and regulations are being carried out within a
command. A security inspection may also include an investigation of alleged or suspected security violators.
Physical security is concerned with forces, entrances and exits, guards, traffic control, lighting, fire control and
with such other physical measures, which, if properly established and maintained, will deny access to,
unauthorized persons.

Purpose of Security Inspection

Security Inspection which may be announced or unannounced, are usually conducted to determine the
extent of compliance with security regulations or procedures, including those recommended during surveys.
The security officer shall inspect facilities and programs applicable standards. The inspections should result in
written inspection reports.

Security Survey Distinguish with Security Inspection

The terms “Security Survey” and “Security Inspection” to accentuate the particular differences between
the two types of services:
Security Survey is defined as a counterintelligence service to assist heads of office in determining the
security measures required to protect key installation from possible sabotage, espionage, subversion and
unauthorized disclosures of, or access to, classified information or material contained therein.
Whereas, Security Inspection is a counterintelligence service performed to determine compliance with
established security policies and procedures.
Stage in Conducting Security Inspection
1. Evaluation –the evaluative or fact finding inspection is generally positive in tone and promotes
liaison and security awareness while taking a broad, general outlook of a facility or program.
Deficiencies, which may be resolved either on the spot or within a non-specified time frame, may
be note and recommendations for further corrective actions may be made. The evaluation
inspection can also help management officials in planning or upgrading their security programs.
2. Compliance- the full compliance inspection generally is conducted for enforcement purposes. It
focuses on compliance with established standards or regulations.
3. Follow-up – another form of compliance inspection is the follow-up inspection, conducted to
ensure that facility officials have complied with recommendations from earlier inspection.
4. After-hours Room Check – the after-hours room check is a form of compliance inspection. It
monitors compliance with security regulations, especially involving areas where national security
information is processes or stored.
5. Self-Inspection – the self-inspection is initiated by the security officer or facility manager to
evaluate his/her own security program. Additionally, self-inspections are required by each Top
Secret Control Office, Classified Document Custodian and Special Security Officer to evaluate all
security procedures applicable to their operation. The scope and purpose of the self-inspection for
an office, building or other facility is determined by the initiator.
6. Closeout – a closeout self-inspection is accomplished immediately prior to the action to
administratively terminate an authorized Top Secret Control Station, Classified Control Station or
Sensitive Compartmented Information Facility if any. During closeout inspections, all areas and
containers authorized for the storage of classified material are checked to ensure all classified
material has been removed.

Basic Steps in Conducting Security Inspection

1) Plan an inspection by determining the scope, type, and method. Schedule the inspection, and if
appropriate, provide written notice. The notice should provide the dates, purpose, proposed
interview schedule and request for any information needed by the security officer. Review past
inspection.
2) Upon arrival at the site and before departure, the inspector should meet with the senior manager
to discuss the inspection. Collect a sufficient sampling of data from interviews with on-site
employees and contractors and from touring the facility. Obtain information to support finding as
well as deficiencies. Check awareness and adherence to local security procedures. Document any
discrepancies corrected on the spot.
3) After sufficient data is collected, the inspector should analyze all findings, compare them with
applicable security regulations, list discrepancies and cite regulatory references, recommend
corrective action, and write the inspection report.
4) The inspection report should be produced within 10 working days of completion of the inspection
standard. The report should be distributed to the office, facility or regional manager in a timely
manner and require a response to any recommendations. Copies of final inspection reports shall be
provided to the Security Management Office.

Role of Security Officer in Offices

With the exception of the head, the security officer is more interested in the survey that any other
individual of the office. It is the security officer who is directly responsible to the head of office for proper
maintenance of security of the security program of the office.
A survey specialist must be cognizant of established security procedures relative of the office since
much of the survey including the resulting recommendations will be affected by these measures.
Authority in Conducting Security Survey

The Unit head may request a survey of the entire office or of specific function or a unit within the office.
When higher authorities directs a security survey to be conducted for one of its subordinate office, an
information copy of the correspondence may also be forwarded to the unit to be surveyed.
It must be remembered that a security survey is not conducted solely for the purpose of establishing a
security program of an office. The head of office is directly responsible for establishing a system for his office
after which a survey may be conducted to determine if the program is adequate in comparison with the
importance of the office to the overall national objective
Some of the situations under which a security survey may be requested or directed:
 Activation of an organization or office
 Reactivation of an organization or office.
 A substantial change the mission, number of personnel, structures or real estate of the office.
 Indications of laxity in the security program which would indicate the need for a complete a revaluation
of the security system.
 When no record exists of a prior survey having been conducted.

Initial Orientation Briefing

Simply providing printed security regulations is not an effective way to promote complete
understanding of security responsibilities. A verbal orientation briefing preferably supplemented with audio-
visuals and handouts is more effective. Where possible, it should be presented personally. Where this is not
practical, it may be presented in the form of videotape or other recording.
The initial orientation, whether written or verbal, should address general physical security principles,
including common security hazards, building security and crime prevention, key system or other site-specific
access controls, vehicles control and property accountability or package inspection programs.

Special Briefings

National Security Briefing – these are information security briefings that apply to individuals who
handle classified information. The briefings focus on classifications, markings, transmission, disclosure,
safeguarding and destruction of information.
Special Access Briefing – these are briefing related to the various special access programs such as those
administered by the higher management or national offices.

Final Briefing

The final conference is an oral to the chief wherein the specialist determines whether or not his
tentative recommendations can be realistically implemented. The specialist discusses the recommendations
with the command since information may exist which may negate or change the recommendation. In many
instance the chief may have unsuccessfully attempted to implement corrective measures or recommendations
are not feasible for some reason unknown to the agent. If the chief has unsuccessfully attempted to correct its
certain security weakness, a report of these attempts is included in the specialist’s final report.

Essential Consideration in Security Inspection

Preliminary Planning;
 1) To assure as much as possible the successful completion of a security survey, a chronological plan of
action is developed. The first action taken by the security survey agent is to prepare for and
conduct actual conduct of the survey.
2) A very important consideration during the preliminary Planning stage is the use of a checklist. This
is a list of general considerations or specific points that must be covered during the survey.
Checklists may be either the general type or the specific or detailed type.

Preliminary Exterior and Interior Check

As soon as possible after the initial briefing, the specialist conducts a tour of the area surrounding the
office. The purpose of such an inspection is to gain a general knowledge of those elements outside the office,
which do or could conceivably have either a direct or an indirect influence upon the security of the office.
It is often in the areas adjacent to the office that you find many of the office personnel congregating for
relaxation and checks geographical features: terrain, road and railroad networks, bridges and natural or man-
made hazards near the office.

Escort Personnel
It is often desirable for both the specialist and the office that an escort accompanies the specialist
during the survey. Preferably, this escort should be the security office of the office or his representative with the
security practice and procedures employed as the office.

History of the Units to be surveyed

When the survey specialist completes his check of the surrounding area of the installation and
preliminary survey of the interior of the installation, he is ready to commence the analysis of the office’s
security program.
The specialist first determines the history of the organization to be surveyed and or the office on which
it is located. There may be some information contained in the history of the organization or office which may
directly affect the security situation as it exists during the current survey.

Analyzing Existing Security

Having completed the preliminaries and determined the level of required security, the specialist must
no ascertain the existing level of security of the installation. The position of the survey is a minute examination
of all factors pertaining to the physical security, security of personnel and the security of information. It includes
the collection of all factual data that effects the security of the office. This data will include all preventive
measures as well as hazards and deficiencies any of the security measures the specialist examine are not based
upon existing requirements. The specialist arrives at his own conclusion and this conclusion is reflected in his
recommendations.

References:
1. Rommel K. Manwong, Industrial Security Management 2020 Editon. A textbook for
Criminology and security.