By /

Back to: ASIS PSP – Preparation Course

0

Lesson 2.2: The Security Survey

Objective: By the end of this lesson, you will be able to plan a security survey, utilize the “Outside-In” methodology, distinguish between functional requirements and equipment specifications, and identify the critical data needed for a successful design.

1. What is a Security Survey?

A Security Survey is a systematic, on-site examination of a facility and its operations. While the Risk Assessment is the analytical process (assigning values to risk), the Security Survey is the data gathering activity that feeds that process.

Key Goals of the Survey:

  1. Identify assets and their value.
  2. Identify vulnerabilities in the current physical protection system.
  3. Evaluate the effectiveness of existing security procedures.

2. Phase 1: Pre-Survey Planning (Desk Assessment)

You never walk onto a site “blind.” The survey begins before you leave your office. The PSP exam emphasizes preparation to ensure the survey is efficient and safe.

Critical Documents to Review:

  • Crime Statistics: Local police data (CAP Index or similar) for the neighborhood.
  • Site Plans: Architectural drawings, floor plans, and landscaping layouts.
  • Operational Logs: Incident reports, maintenance logs, and guard tour logs.
  • Policies & Procedures: Existing Post Orders and SOPs.

Exam Tip: If a question asks what the first step of a survey is, look for an answer related to “defining the scope” or “gathering preliminary data,” not “walking the perimeter.”

3. Phase 2: On-Site Data Collection

ASIS advocates for specific methodologies to ensure nothing is missed.

A. The “Outside-In” Approach (Concentric Circles)

The survey should follow the flow of an intruder. You start at the furthest point of control and move inward toward the critical assets.

  1. The Perimeter: Property lines, fences, natural barriers, signage, lighting.
  2. The Exterior: Parking lots, building façade, loading docks, landscaping.
  3. The Building Shell: Doors, windows, roof access, ventilation intakes.
  4. The Interior: Lobbies, corridors, common areas.
  5. The Core (High Value): Server rooms, executive suites, vaults, cash cages.

B. Collection Methods

You cannot rely on observation alone. You must triangulate data using three methods:

  1. Observation: Looking at the physical conditions. (e.g., “I see a camera there.”)
  2. Verification (Testing): Checking if things work. (e.g., “Does the camera actually record? Does the door latch actually engage?”)
  3. Interviewing: Talking to stakeholders.
    • The “Janitor Rule”: Don’t just interview the Security Manager. Interview maintenance staff, receptionists, and cleaning crews. They know which doors stick, which lights are out, and where people prop doors open for smoke breaks.

C. The “Night Walk”

A survey is incomplete without inspecting the facility during non-business hours.

  • Why? Lighting looks different, traffic patterns change, and cleaning crews might leave doors propped open.

4. Converting Findings into “Functional Requirements”

This is the most critical concept for Domain 2 (Design).

After the survey, you do not immediately pick technology (e.g., “Buy a Sony 4K camera”). You must first define the Functional Requirement.

  • Definition: A statement describing what the system must do to mitigate the risk, not how it does it.
  • The Formula: The system must [Action] [Target] at [Location/Condition].

Examples:

Bad Requirement (Technical Spec)Good Requirement (Functional Spec)
“Install a biometric reader on the server room door.”“The system must restrict access to the server room to authorized IT personnel only.”
“Install a 4MP PTZ Camera in the parking lot.”“The system must be able to identify a license plate at a distance of 50 meters in low-light conditions.”

Why this matters: If you specify a “biometric reader” but the budget is low, you fail. If you specify “restrict access,” you can achieve that with a card reader, a keypad, or a key, depending on the budget.

5. The Survey Report

The final output is a formal report.

  • Executive Summary: For upper management. Focus on high-level risks and ROI. They may never read the rest of the document.
  • Findings: Detailed observations (Photos are crucial here).
  • Recommendations: Proposed solutions categorized by priority (Immediate/Life Safety vs. Long-term).

Real World Tip: The “Roof Hatch” Trap: During a survey, always check the roof. You will be shocked at how often the front door has biometric readers, but the roof hatch is propped open with a brick because the HVAC guy forgot to close it.

Real World Tip: The ” smoker” Intel: The smokers outside the back door know everything. They know which door doesn’t latch, which guard sleeps on duty, and how people sneak in. Interview them informally.