Security of Critical Infrastructure (SoCI)
Security of Critical Infrastructure
What it is
Protective security support for organisations that own or operate critical infrastructure assets. We help you identify and manage security risks to essential services and facilities, strengthen physical and procedural controls, and align security arrangements to regulatory obligations and sector expectations.
When to use this service
You operate critical infrastructure assets (energy, water, transport, telecommunications, health)
You need to strengthen physical security to reduce theft, sabotage, or disruption risk
You have experienced recurring incidents (copper theft, trespass, insider theft, vandalism)
You are expanding, upgrading, or building new infrastructure and need security designed in
You need to demonstrate due diligence to executives, regulators, or governance committees
You require a consistent security approach across multiple sites and remote locations
What you will receive
Critical infrastructure security risk assessment and prioritised risk register
Site-specific recommendations for perimeter, access control, CCTV, lighting, and monitoring
Guidance on operational security procedures (access, contractor management, incident response)
Staged uplift plan aligned to budget and operational constraints
Optional support for technology design, procurement, and vendor evaluation
Executive briefing and implementation planning support
Our process
Scope and asset context: Confirm asset types, site locations, operational constraints, and critical dependencies.
Information gathering: Review incidents, current controls, site documentation, and operational procedures.
Site inspections: Assess perimeter integrity, access points, remote site vulnerabilities, and control effectiveness.
Stakeholder engagement: Engage operations, maintenance, security, and management teams to confirm practical constraints.
Threat and vulnerability assessment: Assess realistic threats including theft, sabotage, insider risk, and disruption, and identify vulnerabilities across physical, procedural, and human controls.
Risk analysis and prioritisation: Assess consequence and likelihood, document assumptions, and prioritise risks based on impact to essential services.
Recommendations and staging: Develop proportionate recommendations and staged uplift options, including quick wins and longer-term improvements.
Reporting and executive debrief: Deliver report and risk register, and brief executives on priorities, investment sequencing, and implementation approach.
Common focus areas for critical infrastructure
Remote site and perimeter vulnerabilities
Copper and equipment theft prevention
Access control, credential management, and contractor access
CCTV coverage, monitoring, and response arrangements
Lighting, barriers, and delay measures
Insider risk controls and procedural compliance
Incident response and escalation pathways
Frequently asked questions
Is this cyber security consulting? No. PSA provides protective security and physical security consulting. Where cyber risk intersects with physical systems (for example, access control or CCTV networks), we consider the implications for system design and data security, but we do not provide cyber security services.
Can you help across multiple sites? Yes. We can assess multiple sites and develop a consistent control standard and staged uplift plan across your portfolio.
Do you recommend replacing existing systems? Only where necessary. We focus on improving control effectiveness and rationalising what you have. Replacement is recommended when systems are end-of-life, not fit for purpose, or create material risk.
Can you support procurement and vendor selection? Yes. We can develop specifications, evaluate vendors, and support tender processes. We remain independent and do not accept commissions.
Related services
Need to strengthen protective security for critical infrastructure? Contact us for a confidential consultation