What it is

A structured approach to planning security improvements across a site or portfolio over time. A security master plan sets the target security posture, defines priorities, and sequences projects so security investment is coordinated, cost-effective, and aligned to operational needs.

When to use this service

• You have multiple sites or a complex facility and need a coordinated security uplift plan

• You are planning capital works, refurbishments, or a new build and want security designed in from the outset

• You have inherited a mix of legacy systems and need a roadmap to standardise and rationalise controls

• You need to prioritise security spending across competing operational demands

• You require a staged plan to address audit findings, incidents, or compliance obligations

• You want to align security outcomes with business objectives and risk appetite

What you will receive

• Current state assessment summary and key security issues

• Target security posture and design principles aligned to your risk profile

• Prioritised program of works (short, medium, long term)

• Concept-level recommendations for physical, procedural, and technology controls

• Budget ranges and sequencing guidance (where feasible)

• Dependencies and integration considerations (access control, CCTV, monitoring, keying, perimeter)

• Governance recommendations for ongoing security management

• Stakeholder debrief and implementation planning workshop (optional)

Our process

1. Scope and objectives: Confirm sites, time horizon, constraints, and decision-makers

2. Current state review: Review existing controls, incidents, documentation, and known gaps

3. Site inspections and stakeholder engagement: Validate operational requirements and constraints

4. Threat and risk context: Confirm realistic threats and risk tolerance driving the plan

5. Design principles and target state: Define what “good” looks like for your organisation

6. Options development: Develop practical options for controls and system architecture

7. Prioritisation and sequencing: Stage works based on risk reduction, feasibility, and disruption

8. Master plan documentation: Deliver the plan, program of works, and governance approach

Standards and frameworks we consider

• ISO 31000 — Risk management principles to ensure security investment is proportionate

• HB 167:2025 — Security risk assessment inputs that inform planning priorities

• PSPF principles — Where government security obligations apply

• Sovereign data security and APP — Where technology and personal information are involved

Frequently asked questions

1. What is the difference between a security master plan and a risk assessment? A risk assessment identifies risks and recommends controls. A master plan turns those recommendations into a staged, coordinated program of works, with sequencing, dependencies, and budget guidance.

2. Do you produce detailed designs as part of a master plan? A master plan is typically concept-level and program-focused. Detailed designs are usually delivered through separate engagements such as security technology design or physical security design.

3. Can you align the plan to capital works and refurbishment schedules? Yes. We can align security works to planned construction and refurbishment timelines to reduce cost and disruption.

4. How long does a master planning engagement take? For a single site, typically 3–6 weeks depending on complexity and stakeholder availability. Multi-site programs may take longer.

5. Will you recommend replacing all our existing systems? No. We aim to rationalise and improve what you have where it is fit for purpose. Replacement is recommended only where necessary to address material risk, compliance requirements, or end-of-life systems. ‍

Related services

• Security Risk Assessment

• Security Technology Design

• Physical Security Design

• Security Strategy Development

Need a staged plan for security uplift?‍ ‍Contact us for a confidential consultation

‍ ‍