Altria Security Assessment Template

Altria Corporate Security Assessment

THREAT ASSESSMENT (natural, criminal, theft, explosive, accidental, political, financial, targeted, etc.)

Likeliness according to data, historical data, recent events, high-profile executives, political/social positions, proximity to high-risk locations, etc

(Also consider adjacent land uses, history etc. such as DuPont located adjacent to PMUSA)

Security Assessment

Guardhouse/Station

Terrain/Landscaping (Vegetation, Flood Zone, Visibility, etc.)

Fence Line

Parking Lot

Perimeter Security

Is the Outer Perimeter of the property accessible to the public?

Is the Outer Perimeter of the property fenced?

If yes, is the fence damaged or permeable in any way?

Does all traffic go through a security post at the perimeter?

Is the vehicle security post operational 24/7?

Are there environmental barriers to the Outside Perimeter of the property that makes public access difficult?

Yes No If yes, what is the rotation frequency?

Does security patrol the Outside Perimeter of the property?

Does the organization use automated technology to monitor the outer perimeter?

Yes No If yes, what automated technology is employed?

Are there no-parking/no-trespassing/surveillance signs posted?

If yes, which ones and where are these posted?

Are Parking Lots patrolled regularly?

Are there CCTV systems that monitor the parking lots?

Are vehicles that remain for extended periods in parking lots investigated?

Have there been car ‘break-ins’ or other crimes reported/documented in parking lots?

Is there a process to notify/document suspicious cars on the property?

Is the ‘lighting’ in the parking lot adequate and has a lighting survey been conducted?

Are employees aware of facility security procedures in a written policy?

Is the main building/property in a flood zone?

Is the main building/property located next to a river/lake that can flood?

Does the vegetation block visibility for an intruder? (Inside or outside)

Are large trees located farther away from the building?

Does the proximity of tree’s/vegetation to building constitute a potential fire hazard?

(Per FEMA Wildfire Mitigation standards)

Are there natural barriers (CPTED) that enhances perimeter protection?

Is there utility access outside of the building perimeter (i.e., Water, Petroleum/Gas, Electrical, etc.) that is accessible to the public or employees?

Building (‘s) Perimeter

Loading Docks

Other Entrances (Ingress)

Outer Buildings

Parking Areas

CPTED Perspective?

Shipping & Receiving

Roof Access

Doors/Windows

Are exterior doors/ dock doors able to be secured?

Are exterior access points monitored via CCTV?

Are exterior doors equipped with badge readers?

If no, please identify locations and rationale?

Are employees/contractors, with badge access, restricted to access locations and time?

Does security conduct security checks of outside doors of the property? Yes No Rotation frequency?

Are ground-level/publicly viewed windows Tempered or Ballistically reinforced?

Are there multiple buildings on the company owned property?

(If so, a separate perimeter assessment should be done on each building)

Are Loading Docks secured from non-employee/contractor access?

Is Shipping & Receiving in a different location from loading docks?

Are Loading Docks monitored via CCTV?

Are Loading Docks secured after hours?

How are docks secured?

Are all deliveries scheduled/approved/received?

Is there any type of package evaluationanalysis done?

Are contractor deliveries required to check-in at a particular location to verify delivery?

Is parking controlled by open lots or parking decks / garages?

Is access controlled to parking locations?

Are parking locations patrolled / controlled by contract security?

If parking is controlled by contract security, is CCTV used to augment security coverage?

Does Security staff routinely patrol the fence line around parking locations?

Does the property utilize ‘license plate reader’ camera technology?

Does the Security team provide escorts to/from vehicles by request?

Has there been reported criminal activity in the parking locations within the last year?

Can parking locations be secured/locked?

Does security provide access for tow trucks onto company property?

If tow trucks are permitted onto company property, is there a procedure to ensure vehicle tows are authorized?

Do all security posts maintain post orders specific to post duties?

If yes, when where these post orders issued?

Are security officers required to acknowledge assigned post orders in writing?

Is roof access to Altria owned buildings accessible to only certain personnel?

Are main entrances provided with CCTV coverage?

Are the facility cameras all operational?

Are the security posts at the main entrances 24/7 or while the facility is operational?

Are visitors screened at building entrances or vehicle access points? Yes No Both

If not Both, which ones?

Are there accessible entrances that are not covered by automated security devices (CCTV/Badge Readers) or security personnel?

(If so, a separate perimeter assessment should be done on each entrance)

Stay Boxes/Bags (LE)

Security Presence (Cameras, etc.)

Receptionist/Front Desk?

Inner Building Flow of Employees, Contractors, Visitors

Sensitive Area Access

Is there a Security presence inside the main lobby/entrance?

Are there CCTV cameras inside the main lobby/entrance?

Are these cameras operational and provide clear views of people and activities?

Is there a First-Aid Kit/AED in the Lobby?

Are there emergency medical notification procedures?

Is there an AED per 70,000 – 100,000 sq. ft. of office/building space?

Is contract security in the main lobby staff trained in CPR/First Aid/AED?

Do main lobby security staff have access to a Duress/Emergency Alarm?

Is there lockdown technology available to main lobby staff?

If no, do any staff have access to lockdown technology?

Are there ‘Go Bags’ available to arriving First Responder/Law Enforcement (LE)?

Has Security staff met with LE to determine what they want in a ‘Go Bags’?

How often are available “Go Bags” inventoried and checked?

Are there package check procedures?

Are Visitors continually escorted while on company property?

Are there written suspicious package procedures?

Is there a CCTV presence on all floors of the facility building?

Are there sensitive areas in the building (i.e., Executive Offices, Data Closets, etc.)

Is there increased Security in these sensitive areas of the building (i.e., duress alarms, security post checks, restricted badging, additional access points, etc.)?

Are there Duress Alarm response procedures?

Are Duress Alarms checked on a scheduled basis?

Is there a dedicated medical facility within the building/facility?

Are these medical facilities secured?

Do all contract security personnel know the locations of all First Aid/AED equipment?

Are all Emergency Exits well-lit with proper signage?

Are there ‘Evacuation Routes’ posted throughout the building?

Alternate Entry Points

Written Policy & Procedures

Access Control (All Buildings)

Main Entry

Is there written policy regarding Access Control Procedures?

How is contract security trained regarding Access Control procedures?

Are facility employees trained in Access Control Procedures?

If this is onboarding training?

Upon employee termination, are company badges confiscated and are employee access credentials immediately voided from the system?

Are terminated employees escorted off property?

Various Permission Levels

Written Policy & Procedures

Upgraded Security/Cameras

High Security Areas (Executives, Server Rooms, Data Closets, etc.)

Emergency Management (Policy & Procedure)

(The Basics)

Most other emergency response questions are asked in other sections

Is there a secondary egress from the property if the primary portal is damaged/blocked?

Does the business have backup food/water storage in the case of a catastrophic event?

Has the property designated an emergency response/first responder rallying point?

Is there a designated entrance to the facility campus/building for emergency response/first responders in a written Emergency Management plan?

Does the organization have a post-incident rallying point for employees/contractors/visitors to be screened by emergency responders?

If yes, is this location known or documented to all facility occupants and contract security?

Does the facility have a staging area in the wake of a catastrophic event where employee / occupant families will be sent to be repatriated?

Intercom System

Vehicles

Automated Intelligence (AI)

Cameras (Analog, IP)

Gunshot Detection

Radios

Security Systems

Duress Alarm/Alert

Does the property utilize CCTV audits on a schedule basis?

Are all facility CCTV operations functioning at the time of this assessment?

Is there a Security Control Room with operational redundancy if there is a power loss?

Are cameras audited by Contract Security or camera service vendors?

Are all cameras aligned with intended areas of interest?

Does facility security have overlap of CCTV coverage with the Global Security Operations center (GSOC)?

IS CCTV footage shared or granted access to facility employees?

Do any of the cameras have Infrared, AI-connectivity or License Plate reading technology?

Does the property utilize Security Drone technology?

If yes, do all users have an FAA 107 license?

Is security team radio communications compatible with all posts and security patrols?

Is there a security equipment serviceability procedure or checklist?

Are there ‘dark spots’ or ‘gaps’ in security radio coverage?

(TEST to be conducted and reported here)

Do other business departments (work force leadership, emergency operations staff, safety, etc.) have access/use of security radio channels in the building or facility?

Can these staff members communicate with Security via radios?

Is there a ‘man-down’ or ‘duress’ alarm on the radios?

Is there a protocol/written policy on proper radio communication?

Is there a public notification system (i.e., PA) accessible in emergency situations?

Is the system a live alert, or pre-programmed?

How often is the public notification system tested?

Do Security staff have access to a Duress/Emergency Notification system?

22a. If yes, what kind of system is it and how is it employed?

Do building staff have access to a Duress/Emergency Notification system?

23a. If yes, what kind of system is it?

If present, is the Duress system directly linked to security controls rooms / GSOC?

Does the property utilize Gunshot Detection or Weapons Detection technology?

Does the property utilize any AI tech (w/Drones, Access Control, Cameras etc.)

Does security staff use marked vehicles to patrol?

Are mobile security officers trained in safe vehicle operations and guidelines?

Are random DMV check’s done on security staff after hire?

Is routine maintenance performed regularly on the security vehicles?

If yes, who is responsible?

Do non-Security staff have access to panic/duress buttons (i.e., office panic button, wearable, etc.)

Professional Development (Certifications)

Monthly/Yearly

Security Training/Staff (Types, Frequency)

Contracted

Onboarding

Is the facility direct leadership of security staff contracted from the security company or employed corporate security? Contracted Hired Both

If contracted, does corporate security staff participate in the routine operational conduct of security programs for the facility?

Does corporate security staff provide input regarding training requirements?

Does corporate security staff review / validate facility contract security training programs?

Is there facility specific additional security training upon hire?

Are contracted security staff required to attend ongoing/scheduled training?

If yes, how is the training determined and how often?

Does the contract security leadership provide the job scope to the security staff?

Are the background verification letters for contract security staff archived and readily accessible to corporate security?

Does security staff leadership conduct practical / hands-on training tests?

If yes, how often?

Are all security staff CPR/First Aid/AED certified annually?

Are security personnel required to take training in workplace violence and emergency response procedures

Do security personnel have access to a training budget for additional training?

Are Security personnel trained in a Use of Force Continuum? Armed Unarmed

Are security personnel State certified as a contract / commercial security officer?

Do the security teams participate in roll call / pass down meetings?

Are security personnel trained and proficient in writing Incident Reports?

If yes, how are reported vetted and presented to corporate security leadership?

Do security personnel have access to advanced training for leadership roles either through their company or Altria?

Is there a ‘progressive discipline’ policy & procedure for security staff?

(ASK ABOUT ATTRITION DATA)

Policy & Procedure

Security Processes

Medical

Active Shooter

Drills

Workplace Violence

Desktop Exercises

Is there a Policy & Procedure (P&P) manual for Security staff that is always accessible?

Are Security staff tested on P&P on a regular basis?

Is P&P knowledge a basis for promotion within the security department?

Does Management/Security staff review/update P&P regularly?

If yes, how often is this process done?

Is there a check-out Policy for all security equipment?

Is there any security equipment currently missing during this assessment?

Is there a written Policy & Procedure for an Active Assailant Response Plan?

Does the facility have a written Bomb Threat Policy & Procedure?

If yes, are there occasional drills/training on this policy?

Is there a written Policy & Procedure for Medical Emergencies?

Is there a written Policy & Procedure for other forms of Workplace Violence?

Is there a written Policy & Procedure for a criminal incident response?

Is there a written Policy & Procedure for Trespassing?

Is there a written Policy & Procedure for other Emergencies/Events (i.e., Demonstrations, Earthquake, Floods, Chemical Spill, etc.)?

Is there a written Policy & Procedure for an Intoxicated Guest/Visitor?

Do Security staff train/participate in exercises around these events regularly?

Is there a Policy & Procedure for regular ‘Radio Checks’ during a shift?

Do Security personnel participate in routine or staggered perimeter/Security checks?

Routine Staggered

Has local Law Enforcement (LE) been invited for a building/property walkthrough?

Does local LE have access to building layout/blueprints/maps of the property?

Has security participated in first responder drills with LE or Police First Responders?

Is there a local Threat Assessment Team at the property?

Is a Threat Assessment process used for High-Risk incidents?

Are security personnel notified of an employee termination prior to it occurring?

Are security personnel required to annotate in a report the removal and escort of a terminated employee?

Are Security personnel notified of a person of concern through post notifications?

If so, are the concern notifications routinely reviewed by security personnel?

If yes, who conducts the review and how are the notifications removed and archived?

Are there response plans when a person of concern appears at the facility?

If the facility has operating hours, is there security provided after hours?

Are contractors who will be on property for any length of time, screened before departing the facility (vehicle checks/package checks)?

Are contract workers monitored by contract leadership or company representatives? Is security informed of any on site contactor issues or termination procedures?

CPR/FirstAid/AED

Active Shooter Training

Emergency Response Drills

Employee Training

Are all employees trained in Active Assailant procedures?

Are any employees (other than Security), trained in CPR/First Aid/AED?

Do employees participate in yearly evacuation procedures?

Are employees required to complete any other yearly safety/security training?

Is any such training recorded and kept in an HR file for auditing purposes?

Do employees have access to additional safety & security training/information?

Do employees ever have to participate in tabletop exercises or first responder exercises as it pertains to Emergency Management?

Is there an on-site Emergency Response Team (ERT)?

If yes, how often do they conduct formal training? Monthly Bi-monthly Quarterly

If yes, does the ERT maintain a certification through a governing body (OSHA, NSC etc.)

If there is an ERT, what is the team composition (employees, contractors, EMT, Paramedics, etc.)

Are Workplace Safety audits conducted at the facility?

Are these audits integrated with security response protocols?

Are employees required to take standard workplace safety training in any capacity (i.e., Employee Handbook, Formal Training, initial Onboarding, etc.)?

Safety Committee

Audits

Environmental Safety Protocols/Training (OSHA)

Monthly/Annual Training

Is there a facility Safety & Training Committee?

If yes, how often do they meet? Monthly Bi-monthly Quarterly

Is it Certified through a governing body (i.e., OSHA, NSC etc.)

Is there a company Certified Safety Professional on-staff?

Are facility Workplace Safety audits conducted to reflect identified risks?

If yes, are these audits kept and accessible to security?

Do safety team members receive regular training in various safety topics?

Are select staff required to take various workplace safety trainings (i.e., Maintenance, Facilities, Engineering, etc.)?

*Please document which job descriptions require this training and if it is done at onboarding, continuously, etc

Utility Security (Servers, Water, Electrical, etc.)

Backup Supplies/Access

Increased Access Control

Are high-risk utilities protected from animal intrusion?

If no, which utility and what is the nature of the exposure?

Does access to high-risk utilities have elevated security access measures (fence lines, lighting, CCTV, etc.)

Is there a back-up system for power loss (i.e., Battery, Generator)

If yes, how often is it tested?

Cybersecurity

Penetration Testing (outside provider)

Onboarding

Yearly Training

Does the facility conduct Cybersecurity ‘penetration testing’?

Are employees required to complete Cybersecurity training at onboarding?

Are employees required to complete additional Cybersecurity training after onboarding?

Is there a written policy regarding the reporting of Cybersecurity concerns?

Has there been a Cyber-attack to the facility within the past 12 months?

Employee Interviews – Anonymous (Non-Security Personnel)

Employee Interviews – Management/Dept. Heads

Employee Testing – Random

Quizzing employees on Emergency Management protocols, exit location, AED location, EM response questions, etc

General Observations

Business Security Strengths

Counter Measure Topics

Facility Security Level FSL)