The Physical Security Assessment (PSA) is performed onsite in conjunction with the Internal Vulnerability Assessment (IVA). It consists of an inspection and analysis of external and internal physical controls. Areas under review include: administrative controls, contract services (couriers, janitorial services, etc.), windows, doors, roof access, access controls, alarm systems, surveillance systems, data centers, record rooms/vaults, media storage and destruction, and emergency preparedness and readiness. The assessment also includes information gathering from credit union’s website and other publicly available sites to assist in social engineering and covert testing exercises. The Assessment is geared towards the ability of an attacker to gain unauthorized access into the facility and discover potentially unsecured Sensitive Member Information (SMI) as defined by NCUA.
All findings or observations are reported in a comprehensive Information Security Risk Assessment final report along with specific recommendations to strengthen the physical security controls of the credit union. Additional “Board Level” reports are also provided upon request.