Your browser version is outdated. We recommend that you update your browser to the latest version.

Excellence in Physical Security: A Human Systems Approach

FEATURES: NZ Security, June 2016

Jas Qadir, a Masters in Engineering Project Management candidate at AUT University, asks do the policies/work culture of an organisation drive its physical and access security needs? This article draws from his research.

Jas Qadir finds access control gapsJas Qadir finds access control gapsWe all have, at least once, propped open doors for house staff carrying cups of coffee as a matter of courtesy in our workplace. We have also propped doors open for colleagues in the work place who might have forgotten their access cards at home. These innocent acts of courtesy – and other very human and seemingly harmless practices – can, of course, be exploited and result in breaches of security.

In other cases, we have security systems in our workplaces that generate ‘goal conflicts’ between the security practices and productivity levels demanded. Such systems effectively force staff to abandon or to interfere with the system in order to meet targets. Again, this opens opportunities for either casual or planned incursion.

As part of my Masters in Engineering Project Management degree at AUT, I decided to look at the ways in which these potential breaches occurred, and to find out what we can do about avoiding them. My approach was to firstly look at the internationally published research on this, and then to talk to people in New Zealand workplaces to see if the same problems and solutions were suggested locally.

I was surprised to find that according to the published research, physical security is compromised more often by people taking advantage of an employee’s trusting nature than through hacking of technology. Such breaches are also more common than breaches by computer virus or systems breakdown. The data collected within NZ supported this, with tailgating and piggybacking of colleagues and visitors to workplaces noted as the most common forms of compromise.

Participants in the study suggested that in comparison to overseas countries they detected an overly complacent approach here: the “we are safe and secure” New Zealand attitude. The study findings suggest a culture among employees in NZ that is too tolerant of unauthorised entry into premises and the creation of multiple identities in access systems’ databases.

I was also surprised to find that employees struggled with their workplace’s security policies and found it uncomfortable to ask security related questions to their colleagues on matters such as mandatory ID compliance. The goal conflicts created in these situations were due to the ‘authority gradient variation’ or cultural conflict involved, ie. the discomfort felt in the thought of challenging colleagues for their identification or their purpose for entering the premises.

The research has shown that in many workplaces, the people responsible for security place a higher importance on technology rather than on ensuring the implementation of appropriate security policies in the workplace. Further research has also shown that there is an absence of critical “third-party” perspectives that can assess the security requirements of an organisation based on the work culture and accordingly find the technological solution required. This means that opportunities to identify cost and time efficiencies are lost.

Global research on best practices has also shown that technological access control methods such as access cards and biometric scanners are increasingly effective when the culture and policies of a workplace can successfully integrate with them.

So what can we do about it? There appears to be three major areas where extra focus could reap rewards:

  1. Design process – The people who actually operate physical security systems are the real experts about what is practical and sustainable. These subject matter experts can assist in a number of ways, for example by identifying high risk / high pressure scenarios where the system will be most severely tested. These scenarios can then be used in trial simulations.
  2. Prioritisation and channelling of resources, and measuring improvements – Many security systems become discredited in the eyes of the users because it is apparent that the organisation has abandoned attempts to control the more difficult problems and is simply enforcing the easy rules. To break this cycle, it has to be possible to measure the impact of interventions, the changes made to try and improve security performance in key areas.
  3. Organisational learning and systematic continual improvement – No technology-based system lasts forever, but neither should they be left to degrade to laughable levels of leakiness before they are replaced.

 The consequences of physical security breaches can be monumental, in terms of loss of life, revenue, clients and/or reputation. The answer does not lie in technology alone, but in pragmatic and constantly evolving human-systems security integration.


As the next step towards completing his Masters in Engineering Project Management at AUT, from July 2016 Jas is keen to move into a role that allows him to continue to develop his understanding of the market and its emerging opportunities. He is looking forward to working with industry experts to make security management efficient, and can be contacted on 0223912198 or at

Back to Security

Follow us


Contact us

Phone: 022 366 3691


© 2015. Defsec Media Limited. All Rights Reserved.






Line of Defence     

Fire NZ     

NZ Security