Physical security is one of the elements assessed to obtain the TISAX label. During preparation for this activity, it is worth knowing 10 effective practices.
They will avoid non-compliance when conducting a third party audit and improve the physical security of the production facility.
Identification cards always in a visible place
Working in a production environment, the vast majority of us receive ID cards at the beginning of employment. They usually have a photo, information about the name and surname and number of the employee, as well as the company logo.
One of the basic practices that should be implemented in the plant, not only during the preparation for TISAX certification, is to raise the awareness of employees to pay attention to people on the plant’s premises who do not have an ID card in a visible place.
This will allow to reduce or eliminate the situation when an unauthorized person will move around the plant without any supervision. Of course, we must approach the subject in a common sense, which means that in the case of being at the workplace, the employee should not have an ID on a tape leash. This, of course, is related to safe work performance.
Do not use your ID card to allow other people to enter
Continuing the topic of the ID card from the previous point, let’s consider the scenario when we let people entering the plant with our ID who, for various reasons, did not have it.
I know exactly what I’m talking about, because before the implementation of the TISAX label, I sometimes passed other people on my badge. It was, for example, a lady from the employment agency who organized a meeting with newly hired employees, a person who came to the recruitment or worked in the canteen.
Fig. 1 – Do not use your ID card to allow other people to enter. A photo for the newsletter as an action to increase employee awareness.
Each of them should receive one-time or temporary passes from the security guard at the entrance.
That is why it is important not to allow such a situation, because thanks to this, we significantly reduce the possibility of unauthorized people entering the plant.
Physical security and communication for employees
Awareness raising is closely related to effective communication. In the plant where I currently work, this is done through daily and weekly meetings, as well as monthly communication with employees.
For my part, I have implemented the “TISAX EduLetter” section in our two-week newsletter. Thanks to which I have the opportunity to provide information that affects physical safety to all employees.
Check if is possible to use the ID guests to open doors from yellow or red zone
The topic of zones is closely related to the requirements set by TISAX. In the case of yellow zones (e.g. HR, pay-roll etc.) and red zones (IT zone, server room), access should be limited to a minimum.
While preparing for the certification of the TISAX label, we schould preventively check whether the rooms from yellow and red zones can be opened using the ID cards assigned to guests.
External auditors will certainly check it during the audit.
Server room silent alarm
The use of a silent alarm is not obligatory. However, it is a great argument that increases the reaction time of security staff in the event of unauthorized access to the red zone. Additionally, an unauthorized person will not know that the alarm will be activated.
Onboarding for people entering the server room
This is a common point for certification bodies to issue noncompliance. I am talking about the lack of an instruction and identification of the data of the person staying in the server room. The vast majority of the server room is identified as a red zone. It is worth taking care of this by preparing a short instruction explaining what activities a visitor can perform in this area.
Closing the door between defined zones
Surely you’ve seen action movies in which a person entering a room using an ID card. Passes on without checking a closed door, and the bad character passes through imperceptibly inside.
Such a situation may also take place in a production plant. This is an interesting example that we can associate with increasing employees’ awareness of moving between zones. If we walk between zones (green, yellow, red), we often use ID cards to open the door.
It is important at this stage to check that the door is closed after walking. Thus, we eliminate the situation that an unauthorized person will follow us into the unauthorized zone.
Physical Security vs. verification of the operation of cameras
Industrial cameras are a very effective means of increasing the security of infrastructure and employees. Of course, if they work properly.
Why am I bringing up this topic? Nowadays, when energy prices are rising all the time, everyone is looking for savings. In factories, this involves shutting down specific production lines and cameras monitoring them. And now the best part. If poor quality cameras are used, they will stop working after switching them off and on again.
Therefore, the purchase of CCTV cameras should be properly considered by the infrastructure or maintenance department.
One more remark to meet the requirements of the GDPR. If there is monitoring in our plant, such information should be displayed in a visible place for the incoming person before entering the plant.
Time shift between the recording and the real time for the data recorded by the camera
Another important point when verifying the cameras operation is the time shift between what the camera records and what is observed on the monitor screen at the security point. This is important because security personnel will be delayed if this is the case. Example: an unauthorized person jumping over a fence and entering the plant.
Does camera “see” what it should?
The last point worth checking concerns the operating range of the cameras. During an audit at another facility which I attended as an observer, the auditor noted that the camera did not “see” the loading area. This was due to the fact that after the camera was installed, a ventilation system was added to the façade. As a result, the camera “has seen” the tube, instead of the loading area.
For this reason, it is always worth checking the cameras’ range operation if there have been implemented modifications to the building’s cubature (for example, an added shed). Additionally, this action is recommended if the production line has been modified or, as in the described case, a ventilation system has been installed near the camera’s operation range.
Physical security – summary
As you can see, there are many elements that contribute to effective physical security. Like other elements of information security, they require appropriate planning.
If, however, you prepare your plant to receive the TISAX label, we cordially invite you to take advantage of our training offer. Additionally, an automatic, editable Excel form can be downloaded for free on the “Free Tools” page.
Document name: TISAX Implementation Checklist – Excel form
Dariusz Kowalczyk
