64 ◾ The Security Risk Assessment Handbook
© 2011 by Taylor & Francis Group, LLC
control may not be under the control of the organization seeking the assessment.
Furthermore, this organization may not be able to grant sucient access for the
security risk assessment team to eectively assess the adequacy of these controls.
Either the organization should obtain permission and adequate access for the secu-
rity risk assessment team, or they should request the organization that does control
the building’s physical security controls to obtain and share an objective security
risk assessment covering those elements.
Administrative boundaries are typically dened by a description of the poli-
cies and procedures covered by the assessment. e complete ...