"A risk assessment of the Piql Services" by FFI

It is apparent that these requirements can be grouped together into the four main parameters included in physical security as outlined above, namely access control, alarm systems, camera surveillance and security personnel. FFI has made a strategy to implement the security regime as set forth by Piql AS, specifically for the storage facility, which includes these parameters. The strategy is presented in table 5.6. Piql AS has devised separate security regimes which apply during the transportation and production phases. With these additional regimes, the protection of the piqlFilms containing valuable information is accounted for from the moment the sensitive data is converted from its original form into nanofilm to the moment it is put in secured storage and onwards.

These are the requirements Piql AS has stipulated when it comes to the security regime applied during production [32]:

 The facility shall have control access [sic]. It shall be segregated, secured and monitored to prevent unauthorized access.  The facility where rooms are located shall have an alarm system activated when operators are not on duty.  CCTV should be installed and deployed at the facility access points and at the production rooms.  CCTV Monitoring shall be carried out by a guard when operators are not on duty. When operators are in duty, recording mode shall be enabled.

At FFI’s suggestion, Piql AS has added the following stipulations regarding the security regime which should apply during the transportation phase [27]:

 General level of security from a professional trusted transportation security service provider is required.  The films shall be labelled and scanned for constant tracking.  The films shall be stored in a safe in the holding area, protected by a PIN lock.  Personnel shall have gone through criminal background checks and driving record reviews. Though the security requirements during transportation do not fall squarely into the parameters we have defined earlier as necessary parameters of physical security, we have decided, for the sake of continuity, to keep to the same categories as used in the strategy for storage in our implementation of the strategy for production and transportation, though the latter entails a few adjustments to fit the different settings.

Table 5.7 presents FFI’s strategy for the implementation of the security regime which applies for the production and transportation phases.

38

FFI-RAPPORT 16/00707