Why it matters
Practical evidence, not scanner noise.
Physical controls are only as strong as the processes around them. We help organisations understand whether attackers could bypass the front desk, badge system, or secure areas.
What we test
- Perimeter and entry point controls
- Tailgating and piggybacking attempts
- Badge and RFID cloning where approved
- Social engineering of reception and facilities staff
- Server room and data centre access controls
- Rogue device placement scenarios
- CCTV blind spots and camera coverage
- Document disposal and information leakage
- Visitor management processes
- Employee security awareness
What you receive
- Detailed narrative of each attempt
- Photographic evidence where permissible
- Physical control gap analysis
- Process and policy recommendations
- Staff awareness training recommendations
- Executive debrief
Methodology
How the engagement runs
- 01
Agree sites, permitted techniques, safety contacts, and stop conditions.
- 02
Perform reconnaissance and assess visible control design.
- 03
Attempt approved access paths using realistic but controlled methods.
- 04
Document control gaps, staff interactions, and process weaknesses.
- 05
Debrief stakeholders with practical fixes and awareness recommendations.
FAQ
Common questions
Is physical testing legal?
Yes, when properly authorised. We agree written rules of engagement, locations, dates, techniques, and escalation contacts before any test.
Do you test badge cloning?
Only where approved and safe. If badge cloning is in scope, we define permitted methods and handling requirements in advance.
Will employees be named in the report?
We usually anonymise individuals and focus on processes, controls, and training opportunities rather than blame.
Related services