Security Risk Assessment
U.S. Green Building Council (USGBC)
Providing a safe and secure workspace for staff and visitors is paramount to the USGBC leadership. To ensure optimal safety and security, a risk assessment was requested for their new 16,000 square foot headquarters location.
The basis of the assessment is the Physical Security Measures guideline, FEMA 426 Reference Manual, and GSA PBS P100. During the assessment, physical security aspects from both base
building perspective, as well as USGBC’s specific office design/layout and related operational procedures will be evaluated.
US Green Building Council’s headquarters is currently under construction within an existing multi-tenant building located in an urban area with a medium-high threat level per CAP Index. However, incident history obtained from the property manager represents a low threat level.
The evaluation, the road-map to securing the new location, and the sustained adherence to the ASIS physical security standard, FEMA 426 reference manual, and GSA PBS-P100 are managed using the ISO 31000 risk management guideline.
The process consists of six cyclical phases:
Phase 1 - Establish Context: USGBC requested a physical security assessment. Individuals with knowledge of the existing controls in use were identified to be included in Phase 2 to provide information about the existing security controls in use at the existing facility.
Phase 2 - Risk Identification: Checklist surveys designed to identify if all necessary controls are in place at USGBC were distributed to the subject matter experts identified in Phase 1. These site contacts answered the surveys questions and provided additional information in the form of comments, documentation, visual evidence in the form of photographs, and their personal recommendations for remediation.
Phase 3 - Analysis: The data gathered from the completed surveys is processed using risk assessment software for analysis. Survey question weighting is used to measure impact of responses that are deemed non-compliant with the organization's security standards.
Phase 4 - Evaluation: Assessment software identifies security gaps based on the survey results and computes a Facility Risk Score based on several factors:
- Criticality of the facility to the organization's business functions
- Potential consequence of the loss of the facility or its functionality
- Likelihood of a crime being committed in the geographical location of the facility
- Level of vulnerability due to the lack of effective security controls
This Facility Risk Score can be compared against a predetermined risk tolerance level to determine if, and how much, remedial action should be taken
Phase 5 - Treatment: Remediation recommendations are given and an Action Plan can be developed and managed through assessment software.
Phase 6 - Monitor: Periodic reassessment is conducted to monitor the continued adherence to the standard and maintain an elevated security posture.
Standard assessment findings provided (from unrelated project):
Security Program Development
Theseus Professional Services delivers custom, manufacturer agnostic engineered security solution designs to meet the unique needs of clients. Our team of professional security engineers and consultants meticulously assess and engineer solutions that protect staff, visitors, assets, and property creating safe and secure education facilities, workplaces, and healthcare facilities.