How to Secure a Facility for SOC 2 Building Security Protocols
In our ongoing series, we delve deeper into TEAM Concept Printing's commitment to achieving SOC 2 compliance. In this installment, we focus on the critical aspect of physical security measures within the facility. We sat down with Terry Wiersma, Operations & Prepress Manager at TEAM Concept Printing, to discuss the steps taken to secure the facility in alignment with SOC 2 building security protocols.
Q1: Terry, can you provide an overview of the physical security measures implemented at TEAM Concept Printing to meet SOC 2 building security protocols?
Terry Wiersma: To align with SOC 2's building security requirements, we've undertaken several key enhancements. These include installing 24/7 video surveillance across all critical areas, implementing badge access control systems to restrict entry to authorized work groups, and conducting regular security audits to identify and address potential vulnerabilities.
Q2: How did you assess the existing security infrastructure before implementing these measures?
Terry Wiersma: We began with a comprehensive security audit, evaluating our current systems against SOC 2 requirements. We actually did better on the rating than anticipated, but we still had room to improve to get to SOC 2 levels. The main opportunity to improve was in access control and a few gaps in surveillance coverage. The audit was a good exercise to go through.
Q3: Can you provide an overview of the physical security systems implemented at TEAM Concept Printing to align with SOC 2 protocols?
Terry Wiersma: Absolutely. To meet SOC 2 standards, we’ve invested heavily in a multi-layered security infrastructure. Specifically, we’ve implemented HID Global badge access control systems at all exterior entrances and critical interior zones (e.g., server rooms). We also added 24/7 remote video surveillance monitoring integrated through a cloud-based Video Management System. And finally, we enhanced our visitor management system (VMS) with badging and check-in kiosks, requiring visitors to sign in, show ID and wear time-expiring badges.
Q4: What role does employee training play in maintaining building security, and how is it integrated into your operations?
Terry Wiersma: Employee training and department communication were pivotal. We conduct monthly security awareness sessions, educating staff on the importance of physical security and their role in maintaining it. This includes training on the importance of handling access badges, secure building entry points and adherence to security protocols.
Q5: What challenges did you face during the implementation of these physical security measures, and how were they overcome?
Terry Wiersma: One significant challenge was coordinating the installation of security systems without disrupting ongoing operations. At TEAM, we run three shifts, so this took coordination. We scheduled installations during off-peak hours and communicated effectively with all departments to ensure minimal impact. Additionally, the initial investment required for these upgrades was substantial, but we viewed it as a necessary expenditure to protect our clients' data and maintain compliance.
Q6: How do you ensure that these security measures remain effective over time?
Terry Wiersma: We have established a routine maintenance and review schedule. This includes regular system checks, updates to access permissions, and ongoing training for staff. Furthermore, we stay informed about emerging security threats. We are also sharing what clients are saying about the certification with our production team and how pleased they are. We celebrate new accounts won or doors opened by being a SOC 2 provider. Everyone in our company gets the importance of this.
View the full Printing Impressions article here.