There are many best practices, depending on your organization’s security needs. If your organization owns its own facility, landscaping and perimeter security will be a concern you will need to address. If your facility contains a data center or other highly sensitive areas, you will need to consider additional access control methods such as biometric identity verification and mechanical or programmatic locks.

The first step in ensuring physical security is to conduct a security audit. A security audit allows you to identify potential targets within your organization as well as any existing physical security risks. Some things to include in a physical security audit are:

• Documentation of existing physical security measures, including perimeter security and access control systems.
• Nonstandard entry points to the facility as a whole and to sensitive areas within the facility.
• Standard access levels. For example, certain employees may have access to the data center, while other employees and external contractors do not.
• Differences in security at various times, especially after hours.

Once existing physical security has been audited, any deficiencies or weaknesses can be dealt with. If outsourcing is an option, the organization can begin to evaluate vendors.