Physical Security
Physical security consulting, project management, and risk assessment.
Most physical security firms show up with a product to sell. We show up to consult. SAINT leads physical security as a consulting and project-management practice — risk assessments, policy development, vendor-neutral system design, and deployment oversight — with a specialty in critical infrastructure environments. When deployment is needed we lead vendor selection and project-manage installation; we’re not box-pushers.
How we work
Risk assessment + threat modeling
Documented site walkthrough mapped to ASIS guidelines, CPTED principles, and (for critical infrastructure) NIST 800-82 / ISA-62443. Prioritized risk report — not a sales-pitch PDF. Recommendations include where to invest and where you’re already overspending.
Policy development
Access control policy, video retention schedules, incident response procedures, visitor management standards, after-hours protocols. Written to fit your environment and your auditors, not pulled from a template library.
Project management
End-to-end PM for physical security build-outs and refreshes — requirements capture, vendor RFP and selection, deployment oversight, commissioning, change orders, documented handoff. Your team isn’t left to babysit installers.
Critical infrastructure specialization
Utilities, water systems, healthcare facilities, food manufacturing, and municipal operations have requirements that generic integrators miss — TSA/CISA chemical sector guidance, AWIA risk + resilience reviews for water, NERC CIP physical access controls. We work to the standard that applies to you.
Vendor-neutral system design
We design for outcome, not vendor revenue. Verkada, Salient, Avigilon, Honeywell, Genetec, Hanwha — we have experience across the major platforms and will recommend what genuinely fits your environment, footprint, and budget.
Compliance evidence + audit support
Audit-friendly documentation for HIPAA physical safeguards, PCI-DSS facility controls, CMMC physical protection requirements, CJIS physical access. Retention mapping, training records, drill documentation — the paperwork that turns a deployment into a defensible program.
Frameworks + vendor experience
We’re vendor-agnostic on hardware and platforms — frameworks first, then the system that fits. References below are the frameworks we work to and a sample of the platforms our team has deployed and operated. We support most major vendor environments and adapt to what you already run.
Frequently asked
Do you install cameras?
Our core practice is consulting, project management, policy, and risk assessment. When deployment is part of the engagement, we lead vendor selection and project-manage installation through commissioning and handoff. We use licensed installers (employed or sub-contracted) — your engagement is with us; we own the outcome.
Do I have to buy a specific vendor?
No. We’re vendor-neutral. We have working experience with Verkada, Salient, Avigilon, Honeywell, Genetec, Hanwha and others. We recommend the platform that matches your environment, footprint, integration needs, and budget — not what we resell.
What does a critical-infrastructure engagement look like?
Risk assessment scoped to your sector (NIST 800-82 for OT environments, AWIA for water systems, NERC CIP physical safeguards for power, HIPAA physical safeguards for healthcare), documented threat model, policy development, vendor RFP, deployment oversight, and post-deployment compliance evidence. We coordinate with your safety, compliance, and engineering teams.
Can you write our physical security policy?
Yes. Standalone policy work — access control, surveillance + retention, incident response, visitor management — is one of our most-requested engagements. Outcome is a board-ready, auditor-friendly policy set tailored to your operation, not a template library handoff.
What's the typical engagement?
Risk assessment + documented report: ~7–14 business days. Policy development: 2–4 weeks. Vendor RFP and selection support: 3–6 weeks. Deployment project management runs the duration of the install — typically 4–16 weeks depending on scope. Larger critical-infrastructure projects are scoped individually.
Ready to see where you stand?
A short call, an honest assessment, and a written plan. No pressure to switch providers if you’re already in good hands.
