Skip to main content
In this Article

Operational Requirements in Security

5th October 2023
In this Article

Operational Requirements (OR) are essential for an organisation or security team to produce a clear, considered, and high-level statement of their security needs based on the risks they face.

A well-defined Operational Requirement increases the likelihood of success in any security project and reduces the risk of commissioning expensive irrelevant work. The involvement of key stakeholders in the OR process will increase buy-in for the project, simplifying any organisational or operational change required.

What is an Operational Requirement?

Operational Requirements (OR) is a systematic process that will lead to protective security measures assessed by the likelihood of successful application enabling an organisation to produce a statement of requirement, or a report of need, based on the risk and threat faced by an individual, organisation or event. By completing an OR, you will have a prioritised list of protective security measures and recommendations to implement actions that follow the principles of Deter, Detect, Delay and Respond.

Security Layer Principles

In physical security, layers or principles refer to the fundamental guidelines or approaches followed to ensure adequate security measures. These principles create a comprehensive security posture by addressing different aspects and potential vulnerabilities. The most common principles or considerations in physical security are:

  1. Deter: The principle of deterrence aims to discourage potential threats by implementing visible security measures, such as signage, barriers, or surveillance cameras. The goal is to create a perception of risk and deter potential attackers.
  1. Detect: This principle identifies and detects security breaches or incidents as early as possible. It involves using surveillance cameras, motion sensors, or alarm systems to detect unauthorised access or suspicious activities.
  1. Delay: The principle of delay involves implementing physical barriers or access control measures to slow down or impede unauthorised individuals. This provides additional time for security personnel or authorities to respond to the situation.
  1. Respond: This principle emphasises having appropriate response protocols and procedures in place to address security incidents effectively. It includes training security personnel, establishing communication channels, and coordinating with emergency services.
  1. Recover: The recovery principle deals with the aftermath of a security incident, focusing on restoring normal operations and mitigating the impact. This may involve conducting investigations, implementing corrective measures, or improving security measures to prevent future incidents.

These principles are not rigid rules but guidelines that organisations follow while designing their physical security strategies. By considering these principles, organisations can create a layered and comprehensive approach to physical security, increasing the overall effectiveness of their security measures.

In physical security, the security layer system refers to the combination of physical measures and protocols to protect a physical space, person, or assets from unauthorised access, theft, vandalism, or physical threats.

Physical security relies on multiple layers of protection to ensure comprehensive security. These layers can include various components such as:

  • Perimeter Security: This involves securing the outer boundaries of a facility with features like fences, barriers, gates, or walls, often accompanied by surveillance systems.
  • Access Control: Implementing measures to control and monitor who can enter or exit a facility. This may involve technologies such as access cards, biometric systems, or security personnel.
  • Surveillance Systems: Utilising CCTV cameras, motion sensors, or other monitoring technologies to monitor visually and record activities within and around the facility.
  • Alarm Systems: Installing intrusion detection systems that detect unauthorised entry, triggering alarms and alerting security personnel or authorities.
  • Security Personnel: Employing security teams to patrol the premises, respond to incidents, and enforce security protocols.
  • Environmental Controls: Ensuring safety measures like fire detection and suppression systems, emergency exits, or environmental monitoring systems to protect against disasters or accidents.

By implementing a well-designed security layer system in physical security, organisations can deter, detect, or delay potential threats, and respond to incidents swiftly, to protect the people, assets, and information within the protected space.

Operational Requirement Process

The Operational Requirement process will lead to protective security measures assessed by the likelihood of successful application.

There are six steps in the Operational Requirement process; these are completed using a template:

  1. Dividing up a site (identify the areas or locations for consideration)
  2. Defining the risks and mapping to the areas identified
  3. Identifying and developing the protective security recommendations to address identified risks
  4. Assessment of protective security recommendations (in terms of likelihood of success)
  5. Cross-reference back to risks to identify if the measures in place have mitigated the risks and if the remaining risk (residual risk) is acceptable.

The protective security measures template should identify the security requirement in the following areas.

  • Beyond the perimeter
  • Perimeter
  • Within the site
  • Building or venue
  • Asset and personnel

The layers must integrate with one another to provide a workable protective security solution. 


Operational Requirements (OR) play a crucial role in ensuring the effectiveness and success of security projects. Organisations can identify and address their security needs by conducting a systematic OR process based on the risks they face. This process involves the active involvement of key stakeholders, which increases buy-in and simplifies any necessary organisational or operational changes.

Security layer principles, such as deter, detect, delay, respond, and recovery, further enhance security posture. By following these principles, organisations can create a layered and comprehensive approach to physical security. The OR process, consisting of steps like site identification, risk definition, development of protective security recommendations, assessment of requests, and cross-referencing risks, enables organisations to prioritise and implement protective security measures effectively. Organisations can achieve a robust and holistic protective security solution by integrating these measures and ensuring their interdependence.


Can an OR be used in Close Protection?
Yes, the OR is ideal for residential security. It can also be integrated into other elements of the CP security plan.
Why are operational requirements necessary for security projects?
Operational requirements are essential for security projects as they increase the likelihood of success and reduce the risk of commissioning unnecessary work. Organisations can prioritise protective security measures by defining the requirements and implementing actions based on deterrence, detection, delay, and response principles.
How can key stakeholders be involved in the OR process?
Key stakeholders can be involved in the OR process by actively participating in discussions, providing input, and sharing their expertise. Their involvement increases buy-in for the project and simplifies any organisational or operational changes required.
What are the security layer principles?
The security layer principles are deter, detect, delay, respond, and recover. These principles guide organisations in designing their physical security strategies by addressing different aspects and potential vulnerabilities.
What is the purpose of the security layer system?
The security layer system is a combination of physical measures and protocols used to protect a physical space, person, or assets from unauthorised access, theft, vandalism, or physical threats. It aims to effectively deter, detect, delay, and respond to potential threats.
What components can be included in a well-designed security layer system?
A well-designed security layer system can include components such as perimeter security (fences, barriers, gates), access control systems (access cards, biometrics), CCTV cameras, motion sensors, alarm systems (intrusion detection), security personnel, and environmental controls (fire detection, emergency exits).
How do the different layers of security integrate with one another?
The different layers of security integrate by working in harmony to create a comprehensive protective security solution. Each layer compliments and supports the others, ensuring that potential threats are deterred, detected, delayed, and responded to effectively.
How can operational requirements be used to prioritise security measures?
Operational requirements help prioritise security measures by assessing the likelihood of successful application. This assessment ensures that the most critical and effective measures are implemented first to mitigate risks effectively.
Optimise Your Security Operations with Expert Consultancy
In a world where risks are ever-evolving, having a clear and defined Operational Requirement (OR) is paramount for the success of your security measures. At HZL Group, we excel in crafting tailored security strategies that not only address your unique risks but also align with the core security principles of Deter, Detect, Delay, and Respond. Our expertise in physical security layers ensures a holistic approach to safeguarding your assets, personnel, and operations. Dive deeper into our consultancy services and discover how we can elevate your security posture, ensuring a resilient and secure operational environment tailored to your needs.