"A risk assessment of the Piql Services" by FFI

For the purposes of the scenario development, FFI has created a strategy for the implementation of Piql AS’ security regime. The assumptions that we have made for the requirements are not directly based on any particular set of rules and regulations, as these would oftentimes greatly differ between countries. We have instead tried to find an average describing the security regime that can be applied across sectors and across geographical zones. Naturally, if a Piql partner is subject to national legislation on protective security services, the regulations stipulated there must also be implemented. This means that the suggested strategy should serve as nothing more than guidelines and inspiration for how the production sites and piqlVaults should be protected against external threats.  The piqlVault shall have an alarm system activated when operators are not on duty.  The piqlVault shall control access to facility. It shall be segregated, secured and monitored to prevent unauthorized access.  The piqlVault shall implement and maintain policies and procedures for visitor access. These should include details of visitor registration, search policy and escorted access to secure locations.  The piqlVault shall employ guards, who shall be on duty whenever operators are not in the premises.  CCTV should be installed and deployed at the warehouse access points and at the points of contact with the piqlFilm (receiving ports - automatic).  Monitoring shall be carried out by a guard when operators are not on duty.  Uninterrupted power supply (UPS) must extend to all security systems and sized appropriately for local conditions and business activities. The requirements stipulated by Piql AS in the document are numerous, and we include a relevant sample here:

Security requirement

Implementation during storage

Protective barriers in the form of doors/sluices inside the facility which opens with authorised ID verification solutions. Alarm systems installed in connection with authorisation devices. Activated outside office hours. Summons security personnel. CCTV coverage of outside entrance area, all access points and all critical points inside the facility. Recorded 24/7, and monitored outside office hours. One (1) guard onsite outside office hours. Sound vetting procedures for all personnel (either security clearance or criminal record and credit check depending on sector).

Access control

Alarm systems

Camera surveillance

Security personnel

Table 5.6 The security regime of the storage facilities used in the scenario development

37

FFI-RAPPORT 16/00707