Physical Facility Audit Protocol

Objective

This Standard Operating Procedure defines the end-to-end methodology for conducting a physical security assessment of a commercial, institutional, or residential facility. The protocol produces a prioritized remediation report with actionable findings, cost estimates, and a risk-ranked vulnerability matrix. Assessments conducted under this protocol are conflict-free: the assessor does not sell hardware or install cameras. The deliverable is intelligence, not a sales pitch.

Scope of Operations

This protocol does not cover classified government facilities, active military installations, or facilities requiring security clearance for access. It strictly applies to:

  • Commercial office buildings (single and multi-tenant)
  • Medical and clinical facilities
  • HOA-managed residential communities
  • High-net-worth residential estates
  • Warehousing, logistics, and industrial facilities
  • Educational institutions

Execution Phases

01 / Pre-Assessment Recon

Client intake, legal authorization verification, and Open-Source Intelligence (OSINT) collection including satellite imagery, perimeter mapping, and public social media analysis.

02 / Exterior Perimeter

Evaluation of fencing, vehicle access controls, lux meter lighting readings, defensive botany, and mapping of surveillance camera blind spots and retention capabilities.

03 / Interior & Hardware

Audit of visitor management, mantrap efficacy, server room environmental controls, clean desk policy adherence, document handling, and employee challenge culture.

04 / Technology Convergence

Scanning for exposed network jacks, vulnerable IoT devices, and visible Wi-Fi passwords, and identifying physical gateways that provide direct access to the production network.

Finding Classification Matrix

CRITICAL

Exploit Now. Active risk to life safety or immediate data exposure. Requires no special tools (e.g., propped-open fire exit to the street, unlocked server room).

HIGH

Exploit with Minimal Effort. Significant risk requiring basic tools or minimal planning (e.g., cloneable badge technology, no camera coverage at loading dock).

MEDIUM

Exploit with Planning. Moderate risk requiring reconnaissance (e.g., exploitable camera blind spots, interior doors with hinge pins on the accessible side).

LOW

Monitor and Maintain. Best-practice gaps rather than active vulnerabilities (e.g., outdated security signage, paper-based rather than digital visitor logs).

Full Manual Contents:

  • Client Intake & Scoping SOW
  • OSINT Collection Checklist
  • Perimeter Survey Methodology
  • Access Control Hardware Testing
  • Network Perimeter Scanning
  • Post-Assessment Report Structure