CyberGuard

Physical Security Risk Analysis for Romanian Companies

Alexandra Ardelean

Physical Security Risk Analysis: How Does It Protect Your Business?

Definition and Purpose

Physical Security Risk Analysis (PSRA) is a systematic process of identifying, evaluating, and addressing risks that can affect the physical security of a facility. The purpose of PSRA is to ensure the protection of assets, valuables, and individuals within the facility, as well as to prevent or minimize the potential impact of security incidents.

Physical Security Risk Analysis (PSRA) is an essential component of the physical security management system and must be conducted by all entities that possess assets or valuables of any kind, regardless of the nature of their share capital, organizational form, association, or ownership of assets or valuables.

Importance of Physical Security Risk Analysis

Physical Security Risk Analysis (PSRA) offers several advantages to entities that perform it, including:

  • Risk reduction: Identifying and evaluating risks in order to take preventive measures.
  • Asset protection: Preventing or minimizing the impact of incidents on assets and valuables.
  • Personnel safety: Preventing accidents and incidents for individuals within the facility.
  • Building trust: Demonstrating a commitment to security, thereby increasing credibility.
  • Legal compliance: Avoiding penalties by complying with applicable laws.

Physical Security Risk Analysis (PSRA) is governed by a series of regulatory acts, including:

  • Law No. 333/2003: Security of facilities, assets, valuables, and persons.
  • Government Decision No. 301/2012: Methodological norms for implementing Law No. 333/2003.
  • Instruction No. 9/2013: Detailed procedure for conducting risk analysis.

These regulatory acts establish the legal and regulatory framework for conducting PSRA, as well as the requirements and conditions that risk assessors for physical security must meet.

Find Out Who Is Required to Conduct a Mandatory Risk Analysis

Entities Subject to Physical Security Risk Analysis

In accordance with Law No. 333/2003, the following entities are required to conduct a physical security risk analysis (PSRA):

  • Commercial companies, regardless of the nature of their share capital and their organizational form.
  • Ministries and other specialized bodies of central public administration.
  • Public authorities and institutions.
  • National companies and commercial companies with fully or majority public capital.
  • National research and development institutes.
  • Other organizations that possess assets or valuables.

Who Is Exempt from Mandatory Analysis?

There are a few exceptions to the mandatory requirement for conducting physical security risk analysis (PSRA), as stipulated in Government Decision No. 301/2012. These exceptions apply to the following entities:

  • Entities engaged in national defense, public order, and national security activities.
  • Entities engaged in nuclear activities.
  • Entities engaged in transport activities.
  • Entities engaged in healthcare activities.
  • Entities engaged in educational activities.
  • Entities engaged in cultural activities.
  • Entities engaged in sports activities.
  • Entities engaged in tourism activities.
  • Entities engaged in public catering.
  • Entities engaged in commercial activities.
  • Entities engaged in service activities.

Entities exempt from the mandatory requirement for conducting physical security risk analysis (PSRA) must take measures to ensure the security of the assets and valuables they possess, as well as the individuals within their facilities. These measures may include:

  • Installation of alarm and video surveillance systems.
  • Hiring security guards.
  • Implementing security procedures.
  • Conducting periodic security checks.

How Is Physical Security Risk Analysis Conducted?

Stages of Physical Security Risk Analysis

Physical Security Risk Analysis (PSRA) is conducted in several stages, as follows:

  1. Defining the PSRA objectives: In this stage, the objectives of PSRA are established, which may include identifying physical security risks, evaluating risks, and addressing risks.
  2. Data collection: In this stage, data about the entity, the assets and valuables owned by the entity, as well as the physical security risks to which the entity is exposed, are collected. Data can be collected through questionnaires, interviews, and on-site inspections.
  3. Data analysis: In this stage, the collected data is analyzed to identify physical security risks to which the entity is exposed. Risks can be classified based on the likelihood of occurrence and potential impact.
  4. Risk evaluation: In this stage, the identified risks are evaluated to determine the level of risk. The level of risk is determined based on the likelihood of the risk occurring and the potential impact of the risk.
  5. Risk mitigation: In this stage, measures are established to mitigate the identified risks. Risk mitigation measures may include risk avoidance, risk reduction, risk transfer, and risk acceptance.
  6. Preparation of the Physical Security Risk Analysis Report: In this stage, a report is prepared that presents the results of PSRA. The report should include a description of the entity, a list of assets and valuables owned by the entity, a list of identified physical security risks, an assessment of the risks, and a list of risk mitigation measures.

Risk Analysis Methodologies

There are several risk analysis methodologies that can be used to conduct physical security risk analysis (PSRA). The most commonly used methodologies include:

  • HAZOP Methodology (Hazard and Operability Study): This methodology is based on the systematic analysis of processes and operations within the entity to identify physical security risks.
  • FMECA Methodology (Failure Mode, Effects and Criticality Analysis): This methodology is based on the analysis of equipment and system failure modes within the entity to identify physical security risks.
  • ETA Methodology (Event Tree Analysis): This methodology is based on the analysis of event trees to identify physical security risks.
  • FMA Methodology (Failure Mode Analysis): This methodology is based on the analysis of fault trees to identify physical security risks.

Tools and Techniques Used in Physical Security Risk Analysis

There are several tools and techniques that can be used to conduct physical security risk analysis (PSRA). The most commonly used tools and techniques include:

  • Questionnaires: Questionnaires can be used to collect data about the entity, the assets and valuables owned by the entity, and the physical security risks to which the entity is exposed.
  • Interviews: Interviews can be used to collect data about the entity, the assets and valuables owned by the entity, and the physical security risks to which the entity is exposed.
  • On-site inspections: On-site inspections can be used to collect data about the entity, the assets and valuables owned by the entity, and the physical security risks to which the entity is exposed.
  • Document analysis: Document analysis can be used to collect data about the entity, the assets and valuables owned by the entity, and the physical security risks to which the entity is exposed.
  • Modeling and simulation: Modeling and simulation can be used to analyze physical security risks and evaluate the effectiveness of risk mitigation measures.