
PHYSICAL SECURITY PROCESS
Fortraks Motors Inc.

INTRODUCTION
Fortrak Motors Inc. produces high-quality commercial and industrial vehicles
equipped with diesel engines benchmarked
to provide maximum performance and
reliability.
The company continues to become the
recreational vehicle of choice of executives
on the go. Occupational health and safety
provisions are strictly observed to prevent
hazards.

INTRODUCTION
Physical Security Process
1. Conduct risk assessment to identify inherent
risks
2. Identify current and potential resources including
funding and expertise for selected areas.
3. Develop assessment to measure effectiveness &
impact of preliminary measures.
4. Develop a physical security program
5. Implementation

CONTROLS

Physical
building materials,
perimeter security
including fencing, locks
and guards.

Administrative Controls
site location,
facility design,
building construction,
emergency response
and employee controls.

Technical Controls

Trainings and emergency drills are done
once a year to educate employees on
basic disaster preparedness practices.

Using broadcast networks to share or
consolidate information. System
administrators often fail to realize the
importance of networking hardware in
their security schemes.

A centralized server is the main storage of
information.

EXECUTIVE SUMMARY
Scope of Audit
The audit applies to the Security Operations
Department and all its subunits, including
Intelligence and Logistics, Operations and
Integration, Network Security Deployment and
Emergency Readiness Team, through their
department heads and supervisors who have
access to facilities and their assets. Such assets
include data, images, text, or software, stored on
hardware, paper or other storage media. Audit
fieldwork is primarily performed within the vicinity
of the workplace.

Audit Objectives
To establish adequate physical security measures
and practices for its critical assets;
To address physical security measures
recommended in prior risk assessments;
To conduct performance testing to ensure that
security measures for physical assets are being
performed as designed; and
To provide security guidance and general
procedures that are realistic and harmonized with other
security disciplines to protect personnel,
installations, projects, operations, and related
resources against capable threats from terrorists,
criminal activity, and other subversive or illegal
activity.

AUDIT PROCEDURES
Site Visit: visits to data centers, computer rooms, and
the office environment are arranged to identify
physical security risks. In addition, the assessment
team should record on-site observations
about system operations and end-user
behaviors (e.g. the use of a password-protected
screensaver) in order to verify whether the relevant
security policies are being followed.

Group Discussion: group discussions or
workshops can be facilitated by the
assessment team to gather information
about the existing security environment
(controls and risks) of the company. The
discussion can have any format and topic,
depending on the target information to be
gathered.

Multi-level Interviews:
on-site interviews with key persons
or representatives at different levels
may also be conducted to verify
previously obtained information, and
to improve the accuracy and
completeness of the collected
information.

Areas of Internal Control which are Adequate
A1. Physical access barriers including door
locks, high durability window, unauthorized
entry, evacuation entry and exit direction,
alarm usage and conductivity.
A2. Biometric physical control solutions.
A3. Redundant power systems to support the
company's continuous operations.

Areas of Internal Control which are Inadequate
B1. Trainings and emergency drills are done
once a year to educate employees on basic
disaster preparedness practices.
B2. Using broadcast networks to share or
consolidate information.
B3. A centralized server is the main storage of
information.

Recommendation
1. It is recommended that disaster preparedness and
emergency drills/pre-incident trainings be executed at
least every other month to implement physical
protective and operational procedures designed to
safeguard personnel and protect resources from
unauthorized use, theft, damage, sabotage, and
espionage.

2. The company should conduct
regular firewall and malware
prevention reviews to properly configure and
enforce the security policy with the
minimal and optimal security
protection.

3. Access privileges granted to each
individual user will adhere to the principles of
separation of duties. Technical or administrative
users, such as programmers, system
administrators, database administrators, and
security administrators of systems and
applications, must have an additional, separate
end-user account to access the system as an
end-user to conduct their personal business.
