Annex B: Guidelines for facility protection
Use this annex in conjunction with Chapter 5: Facility protection of the contract security manual (CSM).
I. Physical security
Organizations holding a document safeguarding capability (DSC) must establish an appropriate number of progressively restrictive zones to control access to protected and classified information and assets.
II. Types of secure zones
The first 2 types of zones listed below (public zone and reception zone) are not considered secure for safeguarding protected and classified information and assets. Their main purpose is to set up an initial base from which other secure zones can be developed.
A. Public zone
A public zone generally surrounds or forms part of an organization's facility. Examples include the grounds surrounding a building and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may also be used to discourage unauthorized activity.
B. Reception zone
A reception zone is located at the entry to the facility where:
- the initial contact between the public and the organization occurs
- services are provided
- information is exchanged
- access to restricted zones is controlled
To varying degrees, activity in a reception zone is monitored by the personnel who work there, other personnel or security staff. Public access may be limited to specific times of the day or for specific reasons. Entry beyond the reception zone is indicated by a recognizable perimeter such as a doorway or, in an open office environment, an arrangement of furniture and dividers.
C. Operations zone
An operations zone limits access to employees who are security screened at the appropriate level, and to properly escorted visitors. Operations zones should be monitored at least periodically, based on a threat and risk assessment, and should preferably be accessible from a reception zone.
D. Security zone
A security zone limits access to authorized employees who are security screened at the appropriate level. Security zones must be accessed from an operations zone and through an entry point and should be separated from an operations zone with a secure perimeter. A security zone must be continuously monitored by security-cleared personnel or electronic means.
E. High-security zone
A high-security zone controls access through an entry point and limits access to authorized, appropriately screened personnel and authorized and properly escorted visitors. High-security zones should be accessible only from security zones and are separated from security zones and operations zones by a perimeter built to the specifications recommended in a threat and risk analysis. High-security zones are monitored 24 hours a day, 7 days a week by security staff, other personnel or electronic means.
III. Elements of secure zones
- Signs can be used to define secure zones and must include the term operations zone, security zone or high-security zone. Care must be taken in certain cases that the signage does not draw unwanted attention to a specific area or zone
- The physical elements of a secure zone may vary. A security zone could also be an enclosed office to prevent unauthorized seeing or hearing of information
- The definition of secure zones may vary according to the period of use during the day or week. For example, a reception zone during public access hours may be defined as an operations zone during restricted access hours, such as on weekends and at night
- Physical security is more effective if measures, such as barriers, are adapted to normal operations as much as possible. Properly locating and segregating secure zones helps ensure functional use as well as control access
- Access to secure zones must be limited to employees who are security screened at the appropriate level and to properly escorted visitors
IV. External areas and perimeters
A. External perimeter
Fences and free-standing walls define and control external perimeters. They are typically used where a facility contains valuable assets. Some types of fences and walls may also prevent unauthorized observation. They can compensate for security deficiencies in the building design, such as ground-level windows exposing information or areas.
B. Landscaping
Landscaping around a secure facility should:
- Protect—by defining and securing the perimeters and by channelling personnel and the public
- Detect—by allowing for easily identifiable controlled areas, by reducing the opportunity for concealment, and by developing circulation routes that allow employee surveillance of the facility
- Respond—by allowing unimpeded access to the facility for emergency response personnel and equipment
C. Parking lots
Parking lots should be designed to reduce the threat to the facility, its employees and visitors by:
- channelling pedestrian traffic
- easing surveillance of high-risk areas
- discouraging the casual use of exit doors and shipping or receiving areas
- prohibiting parking close to buildings
D. Security lighting
External security lighting is normally required to assist with surveillance and could include increased intensity, a specialized colour spectrum, or both, for identification purposes or closed-circuit television applications. Due to the technical complexity and the necessity to meet safety and other codes, qualified personnel should plan security lighting. Public Services and Procurement Canada’s (PSPC) Contract Security Program (CSP) will advise on the specific requirements.
E. Doors, windows and other openings
Access doors should be restricted to the smallest number possible. Windows should preferably be non-opening. All windows must be of sturdy construction and securely installed. Other perimeter openings, such as drains or utilities tunnels, must be secured. PSPC’s CSP will advise on specific requirements and standards.
F. Emergency exits
Information and assets controlled by an organization are most vulnerable during an emergency. Measures must be implemented to ensure that emergency exit routes are adequately protected during an emergency and do not allow uncontrolled access to secure zones.
V. Security control centres
An organization granted a designated organization screening (DOS) or facility security clearance (FSC) with DSC may require a security control centre at each cleared site to monitor and control the status of security equipment and systems such as:
- electronic access controls
- intrusion detection systems
- duress alarms
- closed-circuit television systems
- emergency communications systems
- fire alarms
- elevators
A security control centre may be operated by the facility, by a commercial agency under contract, or a combination of the 2, to provide full-time coverage. The security monitoring system must have the capability to operate independently of other facility monitoring systems.
VI. Control of access to secure zones
A. Reception
Entry points should be established to channel employees and visitors, verify employee identity and prohibit visitor entry until properly recorded and accompanied by an employee.
B. Personnel identification
Where organizations are large enough that personnel identification between employees becomes uncertain, employees should be required to wear cards that identify the bearer and/or access badges that allow entry to specified zones or facilities.
An identification card should contain the individual's photograph, name and signature, name of the issuing organization and a card number with an expiry date. It does not allow access, but merely identifies the bearer. Access requires an additional control such as an access list, knowledge of a combination, electronic access card or an access badge. An access list or access badge shows authorization only. Therefore, additional control procedures may be necessary to verify identity and regulate entry or exit.
Identification cards and access badges should be colour coded or marked in a way that quickly indicates clearance level and/or access authorization.
C. Organizations must:
- establish procedures to verify cards or badges held by personnel and to withdraw cards or badges for cause
- provide for the replacement of any or all cards or badges whenever a threat and risk assessment shows that this is necessary
- set up a procedure for reporting the damage to, or the loss or theft of, personnel identification cards or access badges
- maintain inventories of all cards or badges
- replace personnel identification cards or access badges whenever personal appearance changes significantly from the photograph on the card or badge
D. Guards
Guards may be required to control access to secure zones where there is a need for personal interaction and judgment, or for quiet-hours patrolling and to provide a timely response to actual or attempted unauthorized entry or other emergency. Guards' response to alarms or emergency signals must be tested and be within a time limit evaluated as capable of preventing an intruder’s access to the classified information being protected. Guards must be appropriately screened to the level of possible access to protected and classified information and assets. This does not include access resulting from the discovery of a security breach.
PSPC’s CSP may recommend exceptions, on a case-by-case basis, based on an on-site inspection and a threat and risk assessment.
E. Electronic access control
Electronic access control devices can be used to record authorized entry and to deter unauthorized entry. An essential prerequisite for installing electronic access control devices is establishing a secure perimeter. Alternative measures must also be available when controls are out of service. Installed systems must comply with applicable building and fire codes and regulations.
F. Electronic intrusion detection
Electronic intrusion detection (EID) devices signal an alert on attempted unauthorized access. They can be used, in some circumstances, as an alternative to guards or to increase the efficiency of guards. They should be supported by a response capability related to the threat and risk assessment. EID devices are to be checked regularly to ensure reliable operations, and alternate measures are to be available. To be effective, an EID should have a response force that will react within a reasonable timescale in the event of an alarm being given. PSPC’s CSP can provide guidance to organizations on obtaining and installing EID devices.
G. Closed-circuit television
Closed-circuit television (CCTV) systems broadcast only to selected receivers for surveillance and assessment purposes. CCTV systems can also serve as a psychological deterrent and, when linked to a video recorder, serve as an aid in investigating incidents of unauthorized access. CCTV systems can be used to improve guard effectiveness by extending their range of view and to assess the need for an immediate response to an alarm. Alternate measures must be available if the CCTV is out of service.
H. Interior access controls
In some circumstances, organizations may need to establish access controls and procedures within a facility to control and record entry to certain security or high-security zones.
I. Service spaces
Common service facilities such as general-use photocopiers should not be located in security or high-security zones. Circulation routes should be located to prevent the unauthorized viewing or hearing of protected or classified information. Public access service spaces, such as washrooms and cloakrooms, must be located outside of secure spaces.