Office security

, , SOPs (Standard Operations Procedures), 0

Office Security

Purpose

To ensure employee safety and well-being, as well as maximize productivity, a company must make its workplace feel as safe and secure as its employees’ homes. A safe and secure office not only protects the employees and visitors, but it also protects its data, documents and other physical assets from theft and damage. Office security helps keep a business up and running on top of reducing its liabilities, insurance, and other related expenses.

Scope

This SOP applies to all employees and visitors working in or visiting the office premises.

Responsibilities

  • Supervisors/Managers/IT:
    • Assist with safety audits.
    • Ensure compliance.
    • Respond to security breaches.
    • Assist during emergencies.
    • Respond to cyber incidents.
  • Staff:
    • Ensure they follow safety procedures.
    • Immediately report any incident to First Aiders, Health and Safety Reps and Human Resources.
    • Participate in safety training.
  • Safety Officer:
    • Conduct monthly inspections.
    • Record and review assessment as needed.
    • Coordinate safety training.
    • Maintain incident records.

Pre Work Procedure

Pre-Start Checks

  • Ensure that all walkways and emergency exits are always clear.
  • Inspect workstations for hazards e.g. loose cables, spills, damaged equipment.
  • Check the fire extinguishers services are up to date and that they have not expired.
  • Check first aid kits are accessible and well stocked.
  • Confirm that electrical equipment is in a good working condition.
  • Report any issues to the safety officer immediately.

Safe Operating Procedure

  • Develop a detailed security plan, highlighting potential risks, necessary steps to mitigating those risks and instructions for recovering from any security incident.
  • Access the security risks to the company, finding where the company is most vulnerable to theft, vandalism, and other forms of attack.
  • Implement actions, systems, and technologies to secure the companies office and assets.
  • Develop an office emergency plan, highlighting where all the emergency exits are found, the emergency evacuation plan must be visible in all shared areas.
  • Develop an access control policy to decide which employees should have access to which areas. Only approved employees can enter designated zones by using their keycard, and employees not approved are restricted from these areas.
  • Install electronic locks on all doors.
  • Record all visitors and contractors, by allowing them to sign in and ensure that they escorted by staff.
  • Secure important or confidential documents e.g. staff files are in lockable cupboards.
  • Always be on the lookout for potentially dangerous packages delivered via the mail or courier service. Develop a policy for how deliveries are accepted and checked.
  • All company computers and devices need to be secured with strong passwords or two step authorisations. Make sure that employees do not write down their passwords, in addition all computers and other devices should be logged and labelled to aid in recovery in case of theft.
  • Areas open to visitors, e.g. meeting rooms, should not have direct access to staff areas, they should also only have guest-level Wi-Fi access which will have no direct connection, to the companies’ main network.
  • Ensure that when employees leave that their security privileges are immediately revoked and that all key cards / access cards and laptops are returned. Reception should also be notified of the termination so that they can keep an eye out for any future unauthorised access by that person.
  • Ensure that workplace measures such as firewalls, encryption, and employee awareness training are up to date as this helps protect a company’s data from unauthorised access, breaches, and cyber-attacks. Safeguarding data is crucial to keep client trust, complying with legal and industry regulations and avoiding financial reputational damage.

Emergency Responses

  • Fire
    • Activate the nearest fire alarm.
    • Evacuate using designated routes – do not use elevators.
    • Assemble at the emergency meeting points.
    • Await further instructions form emergency personnel.
  • Medical Emergency
    • Call emergency services e.g. 10177
    • Notify your first aider, safety officer, and human resources.
    • Provide aid only if trained.
  • Security Breach
    • Alert office manager immediately.
    • Do not confront intruders, lock down the affected zone and follow evacuation procedures if instructed.
    • If person poses a threat contact law enforcement.
    • Record details of the incident for reporting.
  • Data Threat
    • Notify IT & Management immediately.
    • Disconnect affected systems from the network.
    • Disable compromised user accounts or access points.
    • If your company uses a third-party provider, alert them immediately.
    • Notify affected parties as per legal company policy.
    • Depending on the severity, you may need to report to regulators e.g. POPIA.
    • Save logs, screenshots and suspicious emails or activity for incident reporting.

While Waiting for Help:

 In case of injury:

  • Access the severity of the injury.
  • Call the workplace First Aiders for help.
  • If necessary, call emergency services.
  • If necessary, call security to co-ordinate access for emergency services.

 In case of Threat:

  • Find out what data was accessed, altered, or stolen.
  • Check signs of malware, phishing, or insider threats.
  • Review who accessed what and when.
  • Look for anomalies in login times, IP addresses, or file transfers.

Incident Reporting & Investigation

  • Report all incident or near misses and complete an Incident Report Form within 24 hours by reporting it to your Health and Safety Reps, Human Resources, and your manager.
  • Supervisor to conduct a preliminary investigation.
  • Safety officer to perform a root cause analysis.
  • Document all findings and update any relevant risk assessments or SOPs.
  • Ensure corrective actions from investigations are implemented and reviewed for effectiveness.
  • In a case of system threats, apply software updates or security patches and conduct a full security audit. Change passwords and enforce multi-factor authentication. Train staff on data protection and phishing awareness. Back up data regularly and test recovery procedures.

Post-Operation Procedure

  • Ensure that all windows and doors are locked at the end of the business day.
  • Turn off an unplug equipment at the end of the day e.g. heaters.
  • Secure confidential documents and lock drawers.
  • Clean and tidy workstations.
  • Activate security systems (alarms, CCTV, access control)
  • Report any maintenance needs or safety concerns.

Training & Review

  • All staff must receive safety induction training upon joining.
  • Fire drills and evacuation exercises are held bi-annually.
  • Specialised training e.g. (First aid, Fire Fighter) is provided as needed.
  • Review this SOP every 12 months or following any incident.
  • Refresher training provided after incidents or procedural changes.
  • Keep training records and attendance logs for auditing and compliance.

 


Copyright © 2026 EMMC. All Rights Reserved. | Epsidon Technology Distribution (Pty) Ltd T/A Skill Centre
Data Governance | Corporate Governance | Tip Off