Skip to content

Security Risk Survey for an Office Building — What It Examines and How It Becomes a Plan

ביטחון ובקרה — A security risk survey in an office building: what a security consultant actually examines, how findin…
In this article
  1. What a security risk survey is — and what it isn't
  2. What the survey actually examines — the building's layers of protection
  3. Why do a survey proactively — and not only when required
  4. How a survey becomes a security plan — five practical stages
  5. The connection between physical security, safety and legal liability
  6. Security requirements and business licensing — what a building manager needs to know
  7. Common mistakes a good survey prevents
  8. Summary — a survey is risk management, not an expense
  9. Frequently asked questions

Most office buildings in Israel treat security as a shopping list: a camera here, a guard there, a barrier at the parking entrance. The problem is that a collection of measures is not a plan, and a plan without a prior diagnosis is a guess. A security risk survey is the stage that comes before everything — an orderly mapping of what really threatens the building, the people in it and the tenants' business activity. Without it, money is spent on measures that may solve a problem that doesn't exist, while the real breach stays open.

What a security risk survey is — and what it isn't

A security risk survey (Security Risk Assessment) is a systematic examination carried out by a certified security consultant, in which they identify the threats relevant to the building, assess the likelihood and severity of each, and examine how well the existing measures address them. The output is not a list of compliments or fears — but a document that ranks risks and proposes a graduated, proportionate response to each of them.

An important distinction: a security survey is not the same as a safety survey. Safety deals with "neutral" hazards — fire, falls, electricity, structure. Security deals with malicious intent — break-in, theft, vandalism, violence, sabotage, unauthorized access to information or infrastructure. The two worlds meet (a security incident can turn into a safety incident within seconds), but the professional logic is different. Mixing them is a common mistake that leaves both weak.

A good survey is also not a generic document. Two office buildings on the same street will receive fundamentally different surveys: if one houses a bank branch and the other startups, if one has an underground parking garage open to the public and the other a closed garage for tenants only — the risks, and therefore the response, are not alike. Any "ready-made template" that arrives without a site walkthrough is at best a marketing document, not a professional survey.

What the survey actually examines — the building's layers of protection

A professional survey examines the building in layers, from the outside in, according to the principle of defense in depth: whoever crosses the outer ring runs into the next ring, and each layer buys time and information. These are the main areas examined in any serious survey:

  • Perimeter and outer envelope: fences, facades, pedestrian access from the street, blind spots, perimeter lighting, and proximity to structures or open areas from which one can penetrate or observe.
  • Entrances and access control: the main entrance, service entrances, emergency exits and roof doors. Every opening is a decision point — who enters, how they're identified, and what prevents unauthorized passage during unstaffed hours.
  • Parking garage: one of the weakest areas. Barriers, vehicle identification, lighting, field of view, passages between the garage and the lobby, and points where a stranger can hide and wait are all examined. In my experience, large underground garages are the breach in which problems are found in almost every building I've surveyed.
  • Sensitive areas: communications and server rooms, main electrical panels, the pump and fire-suppression room, water reservoirs, the generator, archives — any place where damage could shut the building down. Access to them should be restricted, documented and physically secured.
  • Existing electronic systems: camera layout, image quality and coverage angles, recording retention period, the access-control system, the alarm system — and above all: which of them actually work and are monitored, versus what is merely installed and displayed on the sign.
  • The human factor: guards, parking attendants, maintenance staff, contractors and suppliers. Procedures, permissions, key handovers, and the staff's level of familiarity with emergency scenarios are examined.
  • Procedures and routines: who opens and who locks, how guests are received, how a suspicious package is handled, and what happens when an incident occurs. A procedure that isn't written and isn't drilled — doesn't exist.

Note: only two of these areas are "equipment." All the rest are planning, procedures and people — and that is where most of the real breaches lie. Many office buildings spend large budgets on cameras and magnetic locks, but invest nothing in a clear procedure for handing a key to an outside contractor. That is exactly the gap a professional survey is meant to expose.

Why do a survey proactively — and not only when required

In Israel, buildings usually operate under external demand. An anchor tenant conditions signing on a certain security standard; the licensing authority or the police set security requirements as a condition for a business license for some uses; the insurance company asks for an assessment after an incident. In all these cases the survey is done under pressure, on a tight timeline, and from a position of weakness — you're reacting to someone else's demand.

A proactive survey flips the equation. When you commission a survey by choice, you set the pace, budget the fixes over time rather than all at once, and come to every negotiation — with a tenant, an authority, an insurer — with an orderly document that proves responsible management. That is the difference between a property owner who manages risk and one who is dragged along by it.

Four substantive reasons beyond "because they required it"

  • Human safety: in an active office building there are dozens to hundreds of people a day. A security incident — a violent intrusion, a threat, a riot — endangers lives directly, and the building manager's responsibility is first and foremost for their well-being.
  • Legal liability: when an incident occurs, the first question in a legal proceeding or with the insurance company is "were reasonable measures taken." A documented survey and a security plan derived from it are the concrete proof; their absence can serve as evidence of negligence.
  • Protecting the property's value: break-in, vandalism or damage to infrastructure harm the property's value and the tenants' equipment. A survey identifies the points where damage is easy to inflict and expensive to repair — and allows them to be addressed before the problem occurs.
  • The tenants' business continuity: the tenants run businesses. A shutdown due to a security incident — a closed garage, a blocked floor, a damaged server — harms them directly, and may push them out at the end of the lease. A building considered unsafe loses tenants to a competitor.

How a survey becomes a security plan — five practical stages

A survey sitting in a drawer is a waste. The real value is created when it's translated into a security plan — an action document that says what to do, who's responsible, and in what order of priorities. The translation goes through several stages:

1. Ranking risks and prioritizing

Not every risk warrants immediate treatment. Each finding is ranked by likelihood and severity, and from that an order of priorities is derived: what to handle this week, what this quarter, and what enters a multi-year plan. Prioritization prevents the common situation in which you fix what's easy and not what's important.

2. A graduated response — people, procedures, and only lastly technology

For each risk you examine the cheapest and most effective response. Sometimes it's a new procedure (who locks the roof door at the end of the day), sometimes an operational change (a guard patrol at a different hour), and only sometimes is it equipment. This order matters: you buy technology only when a procedure and a person aren't enough. A good plan combines access control and cameras with human procedures — see the expanded discussion on security cameras and access control.

3. Connecting to emergency procedures

Security and safety meet at the moment of an incident. The security plan must connect to the emergency procedures in an office building — because a guard who spots a threat is also the first link in an evacuation, and an emergency door is both a security point and a rescue route. Coordination between the two is a necessary condition for an effective plan.

4. Integration into the ongoing maintenance cycle

A security system is a living system. A blurry camera, a faulty access controller, or a recording deleted too quickly — are worth zero when it matters. Therefore the security measures enter the building's preventive maintenance cycle, alongside the other systems — see the annual preventive maintenance checklist.

5. Periodic re-review

The building changes — tenants come and go, uses change, threats evolve. A survey is not a one-time event but a reference point that must be refreshed periodically and with every substantial change in occupancy, use or the building's surroundings.

The connection between physical security, safety and legal liability

These three concepts are perceived as separate, but in practice they are one circle. Weak physical security quickly becomes a safety failure: a stranger who penetrated the electrical room is a fire and electrocution risk; an emergency door locked "for security reasons" is a death trap in an evacuation. Every security decision is also a safety decision — and therefore the two must be coordinated, not managed separately by two parties who don't talk to each other.

Legal liability closes the circle. A building owner and building manager bear a duty of care toward everyone on the property — tenants, employees, visitors and suppliers. When an incident occurs, the question examined is whether "reasonable measures" that a careful party would have taken in the circumstances were taken. A documented survey and a derived security plan are the concrete expression of that reasonableness. Put simply: the survey is not only a tool for protecting the building — it is a tool for protecting the manager themselves.

This is also why security must not be treated as a "project" that ends. Security is an ongoing management process, an integral part of ongoing property management — not a one-time task you check off. That is how we approach the subject in Domera's property management.

Security requirements and business licensing — what a building manager needs to know

Some uses in an office building are subject to specific security requirements under the Business Licensing Law, 1968, and sometimes to additional requirements from police bodies. These requirements vary by type of business: banks and financial institutions, certain types of commercial space, halls and events — each enters a different track. There is no "single standard" that fits every building.

A professional survey maps which requirements apply to each use in the building, identifies where a gap exists relative to the current state, and prevents the awkward situation in which a business license is delayed or revoked due to a security failure that could have been anticipated and fixed.

Here too it's better to be ahead: a building owner who knows the relevant security requirements in advance can plan spaces, offer them to suitable tenants and negotiate from a position of knowledge. Whoever discovers the requirements only after the tenant has signed and applies for a license — discovers them the expensive way.

Common mistakes a good survey prevents

  • Buying before diagnosing: installing cameras and barriers without understanding the real risk — money down the drain on the wrong breach, while the right breach stays open.
  • Focusing on the main entrance only: while the service entrances, the roof door, the emergency exits and the garage remain accessible to all.
  • Equipment without a procedure: a camera no one watches in real time; an alarm no one knows who it calls and what to do when it rings.
  • Confusing security with safety: leading to a solution that worsens the other problem — such as locking emergency exits "for security reasons."
  • A one-time survey that isn't updated: a four-year-old document that no longer reflects the building, the occupancy or the current threats.
  • Not documenting the survey and the derived actions: even if good work was done in the field, without written documentation there is no proof of reasonable responsibility toward a third party.

Summary — a survey is risk management, not an expense

A security risk survey is not just another line in the maintenance budget. It is the foundation that turns security from a random collection of measures into a managed plan — a plan that protects people, the property and the manager themselves. Whoever carries it out on their own initiative buys control: over the pace, over the budget, and over the story that will be told on the day something happens. And in an office building, the question is not whether an incident will occur — but when, and whether you'll be ready or caught by surprise.

Frequently asked questions

What is the difference between a security risk survey and a safety survey?

A safety survey deals with neutral hazards — fire, falls, electricity, structure. A security survey deals with malicious intent — break-in, theft, vandalism, violence and unauthorized access. The two meet at the moment of an incident (a stranger in the electrical room is also a fire risk), but the professional logic is different, and mixing them leaves both weak.

Who carries out a security risk survey for an office building?

A certified security consultant, through a physical walkthrough of the building across all its layers — perimeter, entrances, garage, sensitive areas, existing systems and procedures. A generic template that arrives without a walkthrough is not a real survey, because the risks, and therefore the response, differ between one building and another.

Why do a security survey on your own initiative and not only when someone requires it?

A survey done under pressure — a tenant's demand, a licensing authority or an insurer after an incident — is done from a position of weakness and on a tight timeline. A proactive survey lets you set the pace, budget fixes over time, and come to every negotiation with a document that proves responsible management. In addition, it saves money: you discover the breaches before, not after, an incident.

How does a security survey protect the building manager from legal liability?

When an incident occurs, it's examined whether 'reasonable measures' that a careful party would have taken were taken. A documented survey and a derived security plan are the concrete proof that you acted responsibly — their absence can serve as evidence of negligence before a court or an insurance company. Both the building owner and the building manager bear a duty of care toward everyone on the property.

Which legal and licensing requirements relate to office-building security?

Some uses — banks, financial institutions, certain commercial spaces and halls — are subject to specific security requirements under the Business Licensing Law, 1968, and sometimes to requirements from police bodies. The requirements vary by type of use, so a professional survey maps what applies to each tenant in the building and prevents licensing delays.

How often should the security survey be refreshed?

The survey is not a one-time event. The building changes — tenants come and go, uses and threats evolve. It's recommended to refresh the survey every few years, and with every substantial change: a new anchor tenant moving in, a change of use on a floor, construction work in the surroundings, or after any security incident.

A question about the platform?

Reach out directly to Andrey Kozakov, founder of Domera and a building manager.

Contact