Site and Facility Design Considerations

Astute organizations will involve security professionals during the design, planning, and construction of new or renovated locations and facilities. Proper site and facility requirements planning during the early stages of construction helps ensure that a new building or data center is adequate, safe, and secure - all of which can help an organization avoid costly situations later.

Choosing a secure location

Location, location, location! Although to a certain degree this bit of conventional business wisdom may be less important to profitability in the age of e-commerce, it’s still a critical factor in physical security. Important factors when considering a location include

• Climatology and natural disasters: Although an organization is unlikely to choose a geographic location based on the likelihood of hurricanes or earthquakes, these factors must be considered when designing a safe and secure facility. Other related factors may include flood plain avoidance, location of evacuation routes, and adequacy of civil and emergency preparedness.

• Local considerations: Is the location in a high crime area? Are there nearby hazards, such as hazardous materials storage, railway freight lines, or flight paths for the local airport? Is the area heavily industrialized: That is, will air and noise (including vibration) pollution affect your systems?

• Visibility: Will your employees and facilities be targeted for crime, terrorism, or vandalism? Is the site near another high visibility organization that may attract undesired attention? Is your facility located near a government or military target? Keeping a low profile is generally better; avoid external building markings if possible.

• Accessibility: Consider local traffic patterns, convenience to airports, proximity to emergency services (police, fire, and medical facilities), and availability of adequate housing. For example, will on-call employees have to drive for an hour to respond when needed?

• Utilities: Where is the facility located in the power grid? Is electrical power stable and clean? Is sufficient fiber optic cable already in place to support telecommunications requirements?

• Joint tenants: Will you have full access to all necessary environmental controls? Can (and should) boundary protection costs and responsibilities be shared between joint tenants?

Designing a secure facility

Many of the physical and technical controls that we discuss later in this chapter should be considered during the initial design of a secure facility. Doing so will often help reduce the costs and improve the overall effectiveness of these controls. Other building design considerations include

• Exterior walls: Ideally, exterior walls should be able to withstand high winds (tornadoes and hurricanes/typhoons) and reduce emanations. If possible, exterior windows should be avoided throughout the building, particularly on lower levels. Metal bars over windows on lower levels may be necessary. Any windows should be fixed (cannot be opened), shatterproof, and sufficiently opaque to conceal inside activities.

• Interior walls: Interior walls adjacent to secure or restricted areas must extend from the floor to the ceiling (through raised flooring and drop ceilings) and must comply with applicable building and fire codes. Walls adjacent to storage areas (such as closets containing janitorial supplies, paper, media, or other flammable materials) must meet minimum fire ratings, which are typically higher than for other interior walls. Ideally, Kevlar (bulletproof) walls should protect the most sensitive areas.

• Floors: Flooring (both slab and raised) must be capable of bearing loads in accordance with local building codes (typically 150 pounds per square foot). Additionally, raised flooring must have a nonconductive surface and be properly grounded.

• Ceilings: Weight bearing and fire ratings must be considered. Drop ceilings may temporarily conceal water leaks and intruders; conversely, drop ceilings can reveal leaks while impeding water damage.

• Doors: Doors and locks must be of sufficient strength and design to resist forcible entry and have a fire rating equivalent to adjacent walls. Emergency exits must remain unlocked from the inside and should also be clearly marked and monitored or alarmed. Electronic lock mechanisms and other access control devices should fail open in the event of an emergency to permit emergency egress. Many doors swing out to facilitate emergency egress; thus, door hinges are located on the outside.

These must be properly secured to prevent an intruder from easily lifting hinge pins and removing the door.

• Lighting: Exterior lighting for all physical spaces and buildings in the security perimeter (including entrances and parking areas) should be sufficient to provide personnel safety as well as to discourage prowlers and casual intruders.

• Wiring: All wiring, conduits, and cable runs must comply with building and fire codes and be properly protected. Plenum cabling must be used below raised floors and above drop ceilings because PVC cabling releases toxic chemicals when burning.

• Electricity and HVAC: Electrical load and HVAC requirements must be carefully planned to ensure that sufficient power is available in the right locations and that proper climate ranges (temperature and humidity) are maintained. We discuss additional controls later in the section
  “Environmental and life safety controls.”

• Pipes: Shutoff valves for water, steam, or gas pipes should be located and appropriately marked. Drains should have positive flow; that is, carry drainage away from the building.