Best Practices For Planning And Managing Physical Security .


Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide
December 2015
Interagency Security Committee

Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide
Released by: The Interagency Security Committee

Preface

One of the Department of Homeland Security’s (DHS) national priorities is the protection of Federal employees and private citizens who work within and visit U.S. government-owned or leased facilities. The Interagency Security Committee (ISC), chaired by DHS and consisting of 56 Federal departments and agencies, has as its mission the development of security standards, best practices, and guidelines for nonmilitary Federal facilities in the United States.

As Acting Executive Director of the ISC, I am pleased to introduce Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide. The purpose of this document is to identify practices most beneficial for physical security programs, determine the extent to which Federal agencies currently use these practices, and compile and circulate best practices agencies can use as a supplement to the ISC’s existing security standards.

Consistent with Executive Order (EO) 12977 (October 19, 1995), Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide should be applied to all buildings and facilities in the United States occupied by Federal employees for non-military activities. These include existing owned; to be purchased or leased facilities; standalone facilities; Federal campuses; individual facilities on Federal campuses; and special-use facilities.

This guide, approved with full concurrence of the ISC primary members, is a significant milestone and represents exemplary collaboration across the ISC and among the ISC Resource Management Working Group. This guide was approved December 1, 2015 and will be reviewed and updated as needed.

Bernard Holt
Acting Executive Director
Interagency Security Committee


Table of Contents

Preface
1 Background
2 Applicability and Scope
3 Roles and Responsibilities
  3.1 Director of Security or Chief Security Officer
  3.2 Facility Security Committee
    3.2.1 Facility Security Committee Chairperson
    3.2.2 Facility Security Committee Members
  3.3 Security Organization
    3.3.1 Collaborating with Supporting Organizations
4 Resource Requirements
  4.1 General Description of Operational Capability Process
    4.1.1 Determining Critical and Sensitive Operational or Administrative Needs
    4.1.2 Conducting Risk Assessments
    4.1.3 Identifying Vulnerabilities
    4.1.4 Determining How to Mitigate Risk
    4.1.5 Managing and Accepting Risk
    4.1.6 Procuring Products and Services
    4.1.7 Conducting Market Research
    4.1.8 Defining Proposed Resource Outcomes and Cost-Effectiveness
    4.1.9 Considering Life-Cycle, Warranty and Preventive Maintenance
    4.1.10 Determining Resource Support Procedures
  4.2 Threat
  4.3 Maintenance
  4.4 Force Structure
  4.5 Schedule
  4.6 Resource Affordability
  4.7 Personnel
  4.8 Contracts
5 Physical Security Equipment
  5.1 Key Concepts in Physical Security Resource Management
  5.2 Planning for Physical Security Resources
  5.3 Physical Security Asset Acquisition
  5.4 Operation and Maintenance of Physical Security Resources
  5.5 Disposal of Physical Security Resources
  5.6 Security-Related Information Technology Systems
  5.7 Personal Protective Equipment
  5.8 Organizational Equipment
  5.9 Training & Certification
  5.10 Life-Cycle Management
6 Resource Integration
  6.1 Physical Security/Information Technology Integration
7 References
8 Resources
Interagency Security Committee Participants
List of Abbreviations/Acronyms/Initializations
Glossary of Terms

1 Background

The Interagency Security Committee (ISC) was formed by Executive Order (EO) 12977, signed by President Bill Clinton in 1995 following the Oklahoma City bombing. This devastating event prompted the White House to establish a permanent body to address the continuing government-wide physical security needs for Federal facilities. Today, the ISC is chaired by the Department of Homeland Security (DHS) and consists of a permanent body with representatives from 56 Federal agencies and departments.

In January 2013, the Government Accountability Office (GAO) produced the GAO-13-222 Report Facility Security - Greater Outreach by DHS on Standards and Management Practices Could Benefit Federal Agencies. In response to the findings presented in GAO-13-222, the ISC created the Resource Management Working Group to develop guidance to help agencies make the most effective use of resources available for physical security across their portfolio of facilities and examine organizational practices of resource management.

The GAO report examines the sources that inform agencies’ physical security programs, the roles and responsibilities of those that may be involved in the planning and managing of physical security resources, and the management practices agencies use to oversee physical security and allocate resources. GAO reviewed and analyzed survey responses from 32 agencies. GAO also interviewed officials and reviewed documents from five of these agencies, which were selected as case studies for more in-depth analysis. The ISC Resource Management Working Group was chartered to:

- Identify practices most beneficial for physical security programs;
- Determine the extent to which Federal agencies currently use these practices; and
- Compile and disseminate best practices that agencies can use on a voluntary basis.

In February 2015, GAO produced the GAO-15-444 Report HOMELAND SECURITY: Action Needed to Better Assess Cost-Effectiveness of Security Enhancements at Federal Facilities.
The report recommends the Secretary of Homeland Security direct the ISC, in consultation with ISC members, to develop guidance to help Federal entities implement the cost-effectiveness and performance-measurement aspects of The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard. In response to the aforementioned GAO-13-222 Report, the ISC Resource Management Working Group established the Best Practices for Planning and Managing Physical Security Resources document. GAO recommended “DHS should direct the ISC to conduct outreach to executive branch agencies to clarify how its standards are to be used, and develop and disseminate guidance on management practices for resource allocation as a supplement to ISC’s existing physical security standard.”[1] This best practice document expands on the guidance issued in The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard. The risk management process (RMP) creates one formalized process for defining the criteria and process that should be used in determining the Facility Security Level (FSL) of a Federal facility, determining risks in Federal facilities, identifying a desired level of protection, identifying when the desired level of protection is not achievable, developing alternatives, and risk acceptance, when necessary. As further discussed in Section 4, the RMP is of the utmost relevance to address cost-effectiveness, performance-measurement, and the planning and managing of physical security resources.

Based on the working group’s findings, the ISC presents the Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide to the Federal security community.

[1] See http://www.gao.gov/assets/660/651529.pdf.

2 Applicability and Scope

The Best Practices for Planning and Managing Physical Security Resources is a guide intended to provide an introduction and understanding of the most efficient processes and procedures to effectively allocate resources to implement physical security programs within Federal departments and agencies. Furthermore, it is meant to assist Federal agencies with the application of best management practices to support budget-conscious allocation of physical security resources across an agency’s portfolio of facilities.

This document provides guidance for department and agency heads, designated officials, security managers, security organizations, and Facility Security Committees (FSC) to use when designing a collaborative framework for allocating physical security resources. This includes establishing roles and responsibilities for key personnel (i.e., security, facilities management, emergency preparedness, safety, budget, etc.) involved in assessing the most efficient allocation of physical security resources.
These officials should collaborate in developing applicable agency-wide physical security policies using risk management practices that compare physical security across facilities and measure the performance of physical security programs.

As outlined in the Government Accountability Office Reports GAO-13-222 and GAO-15-444, effective program management and performance measurement, including the use of management practices such as: risk management strategies, conducting inspections and tests, and a centralized management structure, is crucial to ensure the effective use of limited resources. While agencies are already using management practices to support oversight of their physical security programs, they can also leverage these management practices fo
