Requirements for New Site Locations

If you are planning to construct a new facility, it's important to consider all of the threats that were previously discussed. The last thing you want is to build a facility in an area where your employees fear for their personal safety. At the same time, you don't want the facility to feel like a bank vault or be designed like a prison. You need a facility that employees can be comfortable in. Well-designed facilities can be built as both comfortable and secure. Finding the right location is one of the first things you should consider when planning a new facility. The following items list some of the key points to consider:

  • Accessibility An organization's facility needs to be in a location that people can access. Depending on your business and individual needs, requirements will vary, but items such as roads, freeways, local traffic patterns, and convenience to regional airports need to be considered.
  • Climatology and natural disasters Mother Nature affects all of us. If you're building in Phoenix, Arizona, you will not have the same weather concerns that someone building a facility in Anchorage, Alaska, will have. Therefore, events such as hurricanes, floods, snowstorms, dust storms, and tornados should be discussed and planned before starting construction.
  • Local considerations Sure, it seemed like a great dealthe land for the new facility was so cheap just because it was next to a railway. Too bad you didn't know that it's used to haul toxic chemicals and that several derailments have happened over the last several years. Issues such as freight lines, flight paths of airlines, and toxic waste dumps all play into the picture of where you should build a facility.
  • Utilities You should check that water, gas, and electric lines are adequate for an organization's needs.
  • Visibility Area population, terrain, and types of neighbors are also concerns. Depending on the type of business, you might need a facility that blends into the neighborhood. You might want to design individual buildings so that it is difficult to identify what type of activity is taking place there. I know of one company that was so concerned about unauthorized personnel eavesdropping and sniffing electrical signals emanating from the facility that it built in a hilly location. Even special fences were used to help cancel out electrical signals leaving the facility.


Location of the facility is an important issue. A good example is the NSA museum outside Baltimore. It's the kind of place every computer geek dreams of going. It's actually behind the main NSA facility in what was a hotel. Rumor has it that this was a favorite hangout of the KGB before the NSA bought the hotel. I use this example to drive home the importance of location. Before construction begins, an organization should be thinking about how the location fits with the organization's tasks and goals. If you're running a covert spy agency next to a hotel that could be used for monitoring and surveillance, there might be a problem. Just as if you manufacture rockets for space shuttles, you might want to be near fire stations and hospitals, in case there's an accident. Just keep in mind that it's about more than just the cost of the property: Cheap property doesn't necessarily mean a good deal.


After you have chosen a location, your next big task is to determine how the facility will be constructed. In many ways, this is driven by what the facility will be used for and by federal, state, and local laws. Buildings that are used to store the groundskeeper's equipment have different requirements than those used as a clean room for the manufacturer of microchips. Although some things will be locked in and will be out of your control, you must determine others up front. As an example, you'll need to know how various parts of the facility will be used. I once saw a facilities crew trying to install an EMI chamber on the third floor of a building. No one had checked to verify the load-bearing weight of the floor. Concrete floor slabs typically have a rating of 150 pounds per square foot. Had the project continued, there was a good chance that the floor could have collapsed or been damaged. Make sure that the facility is built to support whatever equipment you plan to put in it.

The load is how much weight the walls, floor, and ceiling can support.


Doors, Walls, Windows, and Ceilings

Have you ever wondered why most doors on homes open in, while almost all doors on businesses open out? This design is rooted in security. The door on your home is hinged to the inside. This makes it harder for thieves to remove your door to break in, but it also gives you an easy way to remove the door to bring in that big new leather couch. Years ago, the individuals who designed business facilities had the same thought. Open-in design doesn't work well when people panic. It's a sad fact that the United States has a long and tragic history of workplace fires. In 1911, nearly 150 women and young girls died when they couldn't exit the poultry plant they were working in when it caught fire. Because of this and other tragic losses of life, modern businesses are required to maintain exits that open out. These doors are more expensive because they are harder to install and remove. Special care must be taken to protect the hinges so that they cannot be easily removed. Most are installed with a panic bar that would allow a large crowd to rush through the doorjust push, and you're out.

Doors aren't the only thing you need to consider. Most buildings have raised floors, so they need to be constructed in such a way that they are grounded. Walls must be designed to slow the spread of fires, and emergency lighting should be in place to light the way for anyone trying to escape in case of emergency. Other considerations include these:

  • Doors If doors are electrical-powered, what state are they in if there is a power loss? An unlocked (or disengaged) state allows employees to exit and not be locked in. If a door lock defaults to open when power is disengaged, it is considered fail safe. If the lock defaults closed, it is considered fail secure.

    Fail-safe locks are designed to protect employees in case of power loss because they allow employees to exit the facility.


    The terms fail safe and fail secure have very different meanings when discussed in physical security versus logical security. During the exam, read the question carefully to determine in what context the term is being used.

  • Ceilings These need to be waterproof, have an adequate fire rating, and be reinforced to keep unauthorized personnel from accessing secure areas such as server rooms.
  • Electrical and HVAC You need to plan for adequate power for the right locations. Rooms that have servers or other heat-producing equipment need additional cooling to protect the equipment. HVAC systems should be tied to fire-suppression equipment; otherwise, HVAC systems can inadvertently provide oxygen and help feed a fire.

    Air intakes should be properly protected to protect people from toxin being introduced into an environment. The anthrax threat of 2001 drove home this critical concern.

  • Windows Interior or exterior windows need to be fixed in place and must be shatter proof. Depending on placement, the windows might need to be either opaque or translucent. Alarms or sensors also might be needed.
  • Fire escapes These are critical because they provide for the protection of personnel and allow an exit in case of fire. After the collapse of the World Trade Towers, it was discovered that it took individuals three times longer to exit the facility than had been planned. It is critical that fire drills be performed to practice evacuation plans and determine real exit times.
  • Fire detection Smoke detectors should be used to inform employees of danger. Sprinklers and detectors should be used to reduce the spread of fire. Smoke detectors can be used in many ways to quickly alert individuals to the possibility of danger. Placement of smoke detectors can include under raised floors, above suspended ceilings, in the plenum area, and within air ducts.

The safety of your employees should always be your first concern.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author


We Want to Hear from You!



The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics


Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2

CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg © 2008-2020.
If you may any questions please contact us: