Protective security is no longer just a concern for government agencies or high-risk environments. Organisations across Western Australia — from councils and universities to shopping centres, developers and critical infrastructure operators — are increasingly expected to manage security in a structured, defensible way. A Protective Security Assessment helps them do exactly that.
Rather than focusing on one issue, like CCTV or access control, a Protective Security Assessment looks at the full picture — people, physical infrastructure, technology, information handling, emergency response and governance. It reflects the approach used in the Australian Government’s Protective Security Policy Framework (PSPF), ISO 31000 (risk management) and AS/NZS security standards. When done well, it answers a simple question: “Are our people, assets, systems and operations adequately protected – and if not, what must change?”
What Is a Protective Security Assessment?
A Protective Security Assessment is a structured review of how well an organisation protects its people, information, physical assets and operations from security threats. It goes further than a basic security check or technology audit. It examines policies, training, physical controls, technology, culture and the way security is integrated into daily operations.
Typically, it covers three core domains of protective security:
- Physical security – buildings, access control, perimeter protection, CCTV, lighting, hostile vehicle mitigation, visitor management and secure storage areas.
- Personnel security – staff vetting, contractor access, induction processes, access rights, confidentiality agreements, insider threat prevention and culture.
- Information security (non-cyber) – secure document storage, disposal of sensitive material, data access, visitor/camera footage control, and ensuring restricted information is not exposed physically.
For government agencies or critical infrastructure, this aligns closely with the Protective Security Policy Framework (PSPF) and the SOCI Act (Security of Critical Infrastructure). For private organisations, the same methodology helps demonstrate due diligence and compliance to insurers, boards, councils and stakeholders.
Why It Matters in Western Australia
Western Australia has a unique security landscape. The combination of remote infrastructure, large public spaces, fly-in fly-out (FIFO) workforces, university campuses, growing urban precincts and increasing public expectations means that security threats are varied and evolving.
There are several reasons organisations in WA are seeking Protective Security Assessments:
- Council and planning conditions for major developments, especially where public access or 24-hour activation is involved.
- Government tenant requirements, particularly when leasing public buildings or commercial spaces to agencies.
- Critical infrastructure obligations under Commonwealth legislation.
- Increased public scrutiny following incidents involving violence, theft, protest activity or unauthorised access.
- Insurance and liability concerns, where organisations are asked to demonstrate reasonable protective measures were in place.
In Perth alone, protective security is now commonly considered for major precincts, civic centres, cultural assets, transport hubs and large retail developments. In regional WA, it applies to airports, health facilities, ports, power generation assets, water infrastructure and mine sites.
How a Protective Security Assessment Works
A holistic assessment typically follows an ISO 31000-aligned process, similar to a security risk assessment but with broader scope:
Understanding the environment
This includes site walk-throughs, document reviews, stakeholder interviews and analysis of site use, operations, crime history and surrounding activity.
Identifying threats and vulnerabilities
Threats may include theft, protest activity, unauthorised entry, terrorism, vehicle intrusion, insider threats, sabotage or accidental harm. Vulnerabilities could be lack of access control, no screening of contractors, poor lighting, unsecured plant rooms or insufficient staff training.
Reviewing current controls
Each protective layer is examined — CCTV, alarms, access control, bollards, building design, staff protocols, information storage, key management, visitor procedures and emergency response.
Testing resilience and response
The assessment looks at how well the organisation can detect, delay and respond to incidents. It also considers business continuity — what happens if a system fails or key personnel are unavailable?
Recommendations and prioritisation
Findings are summarised in clear, actionable language. Each recommendation is risk-prioritised (immediate, short-term or long-term) so decision-makers know where to focus first.
Common Gaps Identified in WA
From experience across WA’s public, education, commercial and resource sectors, some of the most common issues uncovered in Protective Security Assessments include:
- Unrestricted access to plant rooms, roof spaces or equipment areas.
- Staff holding master keys or access cards long after employment ends.
- Security contractors given excessive access without supervision.
- CCTV cameras used only reactively — not positioned for deterrence or real-time monitoring.
- No formal process for incident reporting, review or follow-up.
- Documents containing sensitive information left unsecured in offices or bins.
- Shared buildings where multiple agencies or tenants assume “someone else is responsible for security”.
- Emergency exits or fire doors used as informal staff shortcuts, creating security blind spots.
- Bollards or barriers installed for aesthetics, not impact-rated for vehicle attacks.
How This Differs from a Security Risk Assessment
Both assessments identify risks and recommend controls — but the scope is different.
A security risk assessment focuses on threats, likelihood, consequence and risk treatment strategies. It is primarily risk-driven and often used for planning, council submissions or operational environments.
A protective security assessment is broader. It assesses the entire protective security ecosystem — policies, leadership, culture, technology, facility design, information control and personnel. It asks “Are we protecting what matters across all areas – physical, human, digital and procedural?”
In practice, many organisations use both. A Protective Security Assessment often sits above individual risk assessments, setting the overall security framework for an organisation.
Benefits of Conducting a Protective Security Assessment
- Provides a clear and structured view of current security posture.
- Helps organisations comply with ISO 31000, PSPF, SOCI Act or council conditions.
- Reduces liability by demonstrating proactive risk management.
- Identifies low-cost procedural improvements before expensive technology changes.
- Enhances safety culture among staff and contractors.
- Builds trust with stakeholders, tenants, regulators and community members.
- Supports budget planning and funding submissions with evidence-based justification.
Final Thoughts
In Western Australia, Protective Security Assessments are no longer just for high-risk sites. They’re becoming an essential tool for any organisation that wants to manage risk responsibly — whether that’s a university, council, commercial precinct, shopping centre, cultural asset or critical infrastructure provider.
A well-executed assessment doesn’t overwhelm with jargon or technology recommendations. It provides clarity, simplicity and a roadmap for practical improvement.
Need Help or Advice?
If you’d like support developing a Protective Security Assessment for your organisation, development or facility, you can get in touch with us via the Contact page. We provide independent, Western Australian-based advice, aligned with ISO 31000 and protective security best practice.
