Planning and documenting facility security inspections

The organization must establish and maintain a plan for conducting inspections of facility security measures. The plan must define how often inspections are carried out and cover all relevant physical security controls and systems, including those related to facility resilience, controlled access, protection against unauthorized entry, and alarm handling.

The organization must keep detailed control logs for each inspection. Each log must at minimum record:

• where the inspection was conducted,
• when the inspection was conducted
• how the inspection was conducted
• any errors or deviations found
• how and when these issues were rectified
• the investigation and root cause analysis of any errors or deficiencies

When errors or deviations cannot be rectified promptly, the organization should prepare a documented remediation plan specifying how and when they will be fully corrected. The plan should explain why immediate correction isn’t possible, outline temporary safeguards, set a clear target date for full resolution, and assign an accountable person or team.

During the next scheduled inspection, the team must verify that all previously found issues have been fixed. This includes checking that corrective actions worked as intended and that the same problems are unlikely to reappear. Persistent issues should be escalated for further review.