The 60-Point Physical Security Checklist

A printable checklist for walking your facility the way an adversary would, from the perimeter to your incident response plan

By Christopher Orta, Physical Security Consultant

Download the PDF Checklist

This physical security checklist covers the nine areas every facility walkthrough should examine: perimeter, entry points, access control, cameras, alarms, visitors, people, documents, and incident response. Use it on this page or download the printable PDF and carry it with you. If you want the full methodology behind it, start with our step by step physical security assessment guide.

How to Use This Checklist

Work from the outside in, the same direction an intruder would: start at the property line, move through entrances and interior controls, and finish with the people and plans behind them. Mark each item yes or no as you go. Every item you cannot confidently check off is a finding to record and prioritize, and the pattern of your findings tells you where to focus first.

Walk the facility at least quarterly, and always after a move, renovation, incident, or change in security systems. Familiarity is the enemy of assessment: people who pass a propped door every day stop seeing it, so rotate who performs the walkthrough when you can.

The Physical Security Checklist

60 items across nine areas. Every unchecked item is a finding.

Perimeter and Grounds (7 items)

  • Walk the full property boundary and confirm fencing, walls, and gates are intact and in good repair
  • Check exterior lighting at night: parking areas, walkways, and every entrance, with no dark gaps
  • Confirm landscaping is trimmed so it cannot conceal a person or block camera sightlines
  • Verify signage marks restricted areas and directs visitors to the correct entrance
  • Confirm dumpsters, ladders, and stored equipment cannot be used to reach the roof or upper windows
  • Check that parking areas are visible from occupied spaces or covered by monitored cameras
  • Note every route where someone could approach the building unobserved

Entry Points and Doors (7 items)

  • Test every exterior door: it should close and latch fully on its own, with no slipping or misalignment
  • Look for propped or wedged doors, and ask whether staff understand why that matters
  • Inspect door frames, hinges, and strike plates for resistance to prying and forced entry
  • Confirm windows, roof hatches, loading docks, and utility entrances lock and are included in alarm coverage
  • Verify emergency exits allow egress but do not permit re-entry from outside
  • Give secondary and after-hours entrances the same scrutiny as the front door
  • Check ground-floor windows for working locks and intact glazing

Access Control (7 items)

  • Confirm access is granted by role, with sensitive areas limited to the people who genuinely need entry
  • Verify badges and keys are inventoried, and credentials are recovered or deactivated the day someone departs
  • Confirm access logs exist and someone reviews them for anomalies on a regular schedule
  • Check badge technology: legacy card formats can be cloned with inexpensive commercial tools
  • Verify master keys are strictly limited, logged, and stored securely
  • Confirm server rooms, records storage, and cash or pharmaceutical storage have their own access layer
  • Watch a controlled door for ten minutes and count how many people tailgate through

Cameras and Surveillance (6 items)

  • Confirm cameras cover all entrances, receiving areas, and paths to critical assets, with no blind corners
  • Pull sample footage and check both retention length and image quality
  • Confirm someone is responsible for reviewing footage or responding to camera alerts, not just recording
  • Re-verify camera positions after any renovation, furniture change, or landscaping growth
  • Confirm recording equipment is physically secured so an intruder cannot remove the evidence
  • Check whether cameras still produce usable images at night and in bad weather

Alarms and Detection (7 items)

  • Confirm intrusion detection covers every exterior entry point, not just the front and back doors
  • Verify the alarm system has been tested recently and the test is documented
  • Record the system's age: older panels and wireless sensors may use protocols that modern tools can defeat
  • Confirm alarm response is defined: who is called, in what order, and how quickly
  • Verify arming and disarming codes are individual, not shared, and are changed when staff leave
  • Confirm duress or panic alarms exist where staff face the public alone, and staff know how to use them
  • Ask when the last false alarm occurred and how it was handled

Visitor Management (6 items)

  • Confirm all visitors sign in, show identification, and receive a visible badge that expires
  • Verify visitors are escorted in non-public areas, and contractors and vendors are verified before entry
  • Confirm staff are trained to challenge or report anyone without a visible badge, regardless of appearance
  • Verify tailgating through controlled doors is prohibited and the rule is actually enforced
  • Confirm deliveries are received at a defined point and drivers do not roam the facility
  • Review the visitor log for completeness over the past month

Personnel Practices (7 items)

  • Confirm new hires receive security orientation and all staff get recurring awareness training
  • Verify background screening appropriate to the role is performed before granting access
  • Confirm departing employees have access revoked, credentials collected, and codes changed promptly
  • Ask staff how they would report suspicious behavior and whether they feel safe doing so
  • Walk the office and check for credentials, keys, and sensitive papers left in the open
  • Confirm social engineering awareness is trained: impersonation of IT staff, inspectors, and maintenance workers is a standard intrusion technique
  • Test the challenge culture: would anyone stop an unfamiliar, unescorted person walking the halls

Documents and Sensitive Materials (7 items)

  • Confirm paper records with personal, medical, legal, or financial data are stored in locked rooms or cabinets
  • Verify documents are shredded or destroyed under a defined retention and disposal policy, never just discarded
  • Confirm server rooms and network closets are locked at all times and never used for general storage
  • Verify laptops, backup media, and portable devices are secured when unattended
  • Check printers, copiers, and fax areas for sensitive output left in the open
  • Confirm whiteboards and displays visible from windows or public areas do not reveal sensitive information
  • Check the dumpster: nothing sensitive should leave the building unshredded

Incident Response and Emergency Planning (6 items)

  • Confirm a written plan covers intrusion, theft, workplace violence, fire, and severe weather
  • Verify every incident and near miss is reported, recorded, and reviewed for patterns
  • Confirm roles are assigned: who calls law enforcement, who directs staff, who communicates afterward
  • Verify evacuation and lockdown procedures have been practiced, not just written
  • Confirm emergency contact lists are current and accessible without network or power
  • Confirm findings from past incidents fed back into your security controls

Take the Checklist With You

The walkthrough works best on paper, clipboard in hand

Download the printable PDF version of this checklist. It is a direct download: no form and no email address required.

Download the PDF Checklist

What Should You Do With Your Findings?

Rank each finding by how badly it would hurt and how easily an adversary could exploit it, then fix in that order. The physical security assessment guide walks through prioritization and remediation planning step by step.

When the stakes exceed what a self-assessment can safely confirm, bring in an outside set of eyes. A formal physical security audit scores your facility against a defined standard with documentation you can hand to regulators and insurers, and our physical security consulting turns findings into a working program. You can also request a free security audit qualification to find out whether your facility qualifies for an initial review.

Physical Security Checklist: Frequently Asked Questions

What should a physical security checklist include?

A physical security checklist should cover every layer an intruder would test: the perimeter and grounds, entry points and doors, access control, cameras and surveillance, alarms and detection, visitor management, personnel practices, document and materials handling, and incident response planning. This checklist includes all nine areas.

How often should you complete a physical security checklist?

Walk your facility with a checklist at least quarterly, and complete a full physical security assessment at least once a year. Repeat the walkthrough after any major change: a move or renovation, staff turnover in security-relevant roles, a security incident or near miss, or the installation of new security systems.

Is a checklist the same as a physical security assessment?

No. A checklist is a structured walkthrough that surfaces obvious gaps and gives you a baseline. A full physical security assessment adds threat analysis, risk prioritization, policy and procedure review, and testing of the controls themselves. Use the checklist first, then bring in a professional when the stakes warrant it.

Do I need to give an email address to download the checklist PDF?

No. The PDF is a direct download with no form and no email address required. Print it, walk your facility with it, and mark each item as you go.

Turn Your Checklist Findings Into a Plan

Red Cell Solutions conducts physical security assessments, audits, and penetration tests for organizations across South Florida and nationwide. Tell us what your walkthrough found and we will scope the fix.

Schedule a Consultation