Threat, Risk, and Vulnerability Assessment - Secure Storage Facility
Thursday, 22nd September 2022
Trident Manor was engaged by the owners of a secure storage facility to undertake a security threat, risk and vulnerability assessment of their premises as part of their quality management programme.
Trident Manor representatives were requested to visit a secure storage facility to undertake a review to ensure that the quality of protective security measures continued to be appropriate for the needs of HNW (High Net Worth) clients. The physical, technical, and operational security measures were reviewed alongside the risk management governance to identify any new gaps or vulnerabilities that had happened since the previous review.
By using the ‘TLAC’ (Think Like a Criminal) approach we were able to identify damage that had been caused to the perimeter fencing and issues around general housekeeping such as cutting back vegetation to enable better CCTV coverage. We were also able to identify new vulnerabilities that had been created following damage that had been caused to the locking system on an emergency exit.
It is important that a layered security approach is adopted that creates ‘security in depth’ and makes the breaching of the barriers more difficult especially when they overarch and are interlocked. The protective lines started from the spaces controlled by the client irrespective of whether open to the public or enclosed within private spaces. Consideration was made regarding vehicle mitigation measures and pedestrian access routes around the building. Access points into the facility and the physical barriers protecting them were reviewed to ensure that there was resilience and robustness that would create a delay in the entry while awaiting a response to the alarm notification.
When undertaking such reviews it isn’t acceptable to only consider criminal or adversarial threats. For example, if the site is in a flood zone what measures have been introduced to manage those risks? Is there a clear delineation between storage materials and stored items, and between general and secure storage? Are there environmental considerations for example artworks in too cold/hot a setting, or items of literature in a damp container?
By looking beyond the obvious, greater opportunities to reduce and better manage the risks faced by the client can be implemented.
Trident Manor not only undertakes announced audits but as our other case studies have shown we do unannounced 'Red Team' penetration testing'. On this occasion access into secure spaces was not possible without a forced entry.
Ultimately, the protective security levels and layers at this venue were of a good standard but it is always appropriate for business owners to proactively quality assure the means that they use in protecting their, and their client’s assets. There will nearly always be recommendations and ways of improving the levels of protection further, but it is great to see a higher starting point.