Base Building Security/FAQ

From wiki
Jump to: navigation, search


Frequently Asked Questions (FAQ) for the Base Building Security Standard

What is base building security vs tenant security?

  • Base Building Security: the baseline security that must be provided by the owner of the occupied building. This may include, but is not limited to door locks, alarm systems, fences, including their structure, electrical, and systems.
  • Tenant Security: the security of the operations and personnel of departments that occupy the asset.

Can threats due to the tenants’ operations be considered base building security threat?

Tenants’ operations can generate vulnerabilities to base building security. For instance, if a protest takes place near one of the tenant spaces (example: Blocking pathways, vandalism, damaging windows, breaking fences, etc.), this can cause security concerns for base building. However, if there are threats to the security of tenant personnel such as harassment and etc., then this is not a threat to base building security.

How can one differentiate tenant security costs from base building security costs?

If the tenants’ program requires any security materials or services that are over and above what the building owner or landlord provides as a standard (according to the lease or occupancy agreement), the cost for that material or service is generally considered a tenant cost.

However, any cost to the tenant which is associated with security required for an inappropriate office space or other reason outside of their choosing (example: office space negotiated in a part of town deemed unsafe after move-in), must be covered by PSPC according to the 2019 Treasury Board Secretariat Policy on Government Security.

Is there a directive that states that we do not have to share the FSAA with other government departments?

No, there are no written directives. In the past, Threat and Risk Assessments – now known as Facility Security Assessments an Authorization (FSAA) have been structured in a way that required a discreet handling of the information. Protected B information was not provided to anyone without proof of cause.

At the present time, PSPC has created templates which allow more transparency, as long as the tenant provides permission to distribute the information to the stakeholders involved in the assessments.

What is climate change adaptation and how can this be applied to base building security?

Climate change adaptation is a response to global warming. The Intergovernmental Panel on Climate Change defines adaptation as: 'the process of adjustment to actual or expected climate and its effects.’ Climate Change Adaptation in base building security context is responding to climate change effects on base building security. Buildings, building systems and critical infrastructure are particularly vulnerable to the effects of climate change. Reporting indicates that buildings have already experienced reduced service life/functionality and an increase in system failures and infrastructure degradation/damage due to increased volatility from climate change, especially buildings that were built to older building codes. The location of the built assets is also a factor in their vulnerability. Depending on where they are, buildings and the loads on building structures will be subjected to more frequent strong winds, increased heat loads particularly in cities (Urban Heat Island effect) and, flooding and water incursion that accompanies extreme weather events.

What is an FSAA?

An FSAA is a Facility Security Assessment and Authorization. It is an evaluation and report that identifies the security vulnerabilities and weaknesses of all kinds and from all sources for a particular facility and provides recommendations on mitigation options. This enables PSPC, as the custodian, to coordinate the appropriate safeguards to ensure the continued operation of the GOC programs and the asset, as well as ensures sound stewardship of PSPC assets. The authorization portion is the cyclical review of the facility by the departmental security officer or designated representative of the evaluation and assessment.

What is the difference between a Threat and Risk Assessment and Facility Security Assessment and Authorization (TRA vs FSAA), and a site vulnerability assessment (SVA)?

  • Facility Security Assessment and Authorization (FSAA) was formerly known as a Threat and risk Assessments: means an evaluation of the possibility an asset may be compromised through exploitation of its vulnerabilities, taking into account the effectiveness of existing and proposed security measures.
  • Base Building FSAA: An assessment that prescribes how to conduct threat and risk assessments specifically designed for base building; that support the protection of custodial assets and the implementation of this standard.
  • Site Vulnerability Assessment: A process where a security expert reviews the possible and anticipated security weaknesses of a site where PSPC would like to build, lease or locate occupants. It is possible that prior risk assessment reports have already been done, but changes to the tenant programs in the building require follow up and monitoring in order to ensure building security is still serving its inhabitants properly.

What is a security design brief?

  • A Security Design Brief: is a report that describes the physical protection philosophy and concepts, as well as physical safeguards, for a facility that are to be integrated into design and conception based on the FSAA. For example, specific recommendations can be given on the type of equipment and perimeter defense that should be used to ensure the protection of Government of Canada spaces, information, personnel and assets.

Will the Base Building FSAA tell me what I need to improve to meet the base building security standard?

Yes, it will identify the gaps in the base building security and provide recommendations on closing them.

Will the Base Building FSAA tell the occupants what they need to improve to meet their tenant-specific security standard?

No, the purpose of the Base Building FSAA is to establish and maintain confidence in the security of facilities that are managed by PSPC, while considering stakeholder security requirements. It will not provide recommendations on the building’s occupant’s programs or to the occupants’ spaces.

We did a TRA two years ago, how is this FSAA different?

The new Base Building FSAA includes a broader definition of risks and vulnerabilities, including environmental concerns due to global climate change. It will also indicate whether or not tenant programs would bring a threat to the base building security as well.

Will the consultants be looking into the lives and finances of employees?

No, the Base Building FSAA will only assess the risks to the building from a various sources and programs but not individuals.

When is the FSAA for my building?

Every facility has a different completion date in a five-year cycle. To find out the specific date of your last TRA or FSAA, please contact the RPB-PFMSL-OSEM-NQMMS Base Building Security team by email at SI Sécurité Immeuble / RPS Base Building Security (TPSGC/PWGSC).

Will I need a new FSAA:

  • when a new occupant move in? Yes, an FSAA is required when a new department moves in or if an existing occupant brings in a new group with a different mandate or program
  • when we have renovations? If the renovations are minor and do not affect the base building access or exterior, you might not need to have the FSAA revised. To be sure, you should contact SI Sécurité Immeuble / RPS Base Building Security (TPSGC/PWGSC).
  • when an occupant moves out? You do not need a new FSAA when an occupant moves out unless they will be replaced by new occupant.
  • when there is a major change to occupants programs? If you are made aware of a major review which changes the occupants programs and their new mandate could increase their risk of being a target, it is a good idea to have the existing FSAA reviewed. Contact SI Sécurité Immeuble / RPS Base Building Security (TPSGC/PWGSC) for more assistance.

Who will pay for the recommendations to base building?

It depends on certain criteria. Most recommendations to base building will be funded by PSPC and/or the building owner and some might be funded by the occupants. The recommendations will be reviewed by the Property and Facility Management Team along with the Infrastructure Protection and Base Building Security Operations after the FSAA is completed.

Can the occupants of my location have a TRA done in addition to your FSAA?

Yes, the occupants program and space can have a TRA completed by contacting the SI Sécurité Immeuble / RPS Base Building Security (TPSGC/PWGSC). They will be responsible for funding their report and for providing a scope of work indicating the work to be performed.

Who participates in the FSAA meeting?

The Project Authority (from PSPC-RPB-NQMMS Base Building Security) assigned to the project, the PSPC DOB IPBBSO security analyst, the security consultant, the Property and Facility Management Team or one of their representative, and any other participants as required or invited by the previously listed participants.

Who should be interviewed for the FSAA?

Someone from the Property and Facility Management Team for the facility, the building owner or their representative, the building service technician, or the most senior security person for the occupants of the leased or owned space.

What information do we need to provide to the consultants to do their assessment?

The consultant will request a series of documents such as any building plans such as fire safety and evacuation, building schematics, police reports, and information on abnormal occurrences. The consultants will request the information for the most senior security person for each occupant of PSPC spaces whose programs could compromise the security of the base building.

How long does it take to complete an FSAA?

It takes approximately 45 business days from the initial meeting to the report being submitted. Larger or more complex infrastructure, or facilities with many occupants, could take over 90 days; while smaller, vacant spaces can be often be fast tracked.

The two longest parts of the FSAA:

  • Getting the required information and documentation gathered to create the call-up against the standing offer or the purchase order, and;
  • Scheduling interviews with the required stakeholders and receiving the required reports and documents for the building.

Who reviews the FSAA draft and final report?

The Project Authority from PSPC-RPB-NQMMS Base Building Security assigned to the project, the PSPC DOB IPBBSO security analyst and the PFM Team are invited to review the drafts and final reports to comment and recommend additions and deletions of information. Although we cannot remove the vulnerabilities identified by the consultant, we can work on the recommendations.

Who provides expertise on the information contained in the FSAA report?

A private professional security consultant that is certified and has relevant experience will perform the assessment and write the report. The information will be reviewed and confirmed by the PSPC DOB IPBBSO security analyst. The Property and Facility Management Team is always invited to review and comment on the report. Although this team is not a security expert, they are very familiar with their buildings and their occupants.

Do I have to get an FSAA done for my building?

If the building has been scheduled for an FSAA, yes, the FSAA must be completed. It is part of the PSPC Base Building Security Standard that all PSPC custodial infrastructure be reviewed every five years.

The owners/occupants do not want to collaborate with the FSAA process, what do I do?

We will try and support you in negotiations with the owner or occupant. However, regardless of their active participation, the FSAA will be completed and they may be informed that they need to pay for and implement some security recommendations. It is in their best interest to participate to avoid misunderstandings and additional costs due to insufficient information.

Do you have any more questions?

Contact the SI Sécurité Immeuble / RPS Base Building Security (TPSGC/PWGSC) team for more information.

Base Building Security

Français Foire aux questions