SAINT Technology Services

Physical Security

Physical security consulting, project management, and risk assessment.

Most physical security firms show up with a product to sell. We show up to consult. SAINT leads physical security as a consulting and project-management practice — risk assessments, policy development, vendor-neutral system design, and deployment oversight — with a specialty in critical infrastructure environments. When deployment is needed we lead vendor selection and project-manage installation; we’re not box-pushers.

Risk assessments (ASIS / CPTED / NIST 800-82 aligned)
Policy development for access, surveillance, incident response
End-to-end project management (RFP → vendor → deployment → handoff)
Critical infrastructure focus — utilities, healthcare, manufacturing, municipal

How we work

Risk assessment + threat modeling

Documented site walkthrough mapped to ASIS guidelines, CPTED principles, and (for critical infrastructure) NIST 800-82 / ISA-62443. Prioritized risk report — not a sales-pitch PDF. Recommendations include where to invest and where you’re already overspending.

Policy development

Access control policy, video retention schedules, incident response procedures, visitor management standards, after-hours protocols. Written to fit your environment and your auditors, not pulled from a template library.

Project management

End-to-end PM for physical security build-outs and refreshes — requirements capture, vendor RFP and selection, deployment oversight, commissioning, change orders, documented handoff. Your team isn’t left to babysit installers.

Critical infrastructure specialization

Utilities, water systems, healthcare facilities, food manufacturing, and municipal operations have requirements that generic integrators miss — TSA/CISA chemical sector guidance, AWIA risk + resilience reviews for water, NERC CIP physical access controls. We work to the standard that applies to you.

Vendor-neutral system design

We design for outcome, not vendor revenue. Verkada, Salient, Avigilon, Honeywell, Genetec, Hanwha — we have experience across the major platforms and will recommend what genuinely fits your environment, footprint, and budget.

Compliance evidence + audit support

Audit-friendly documentation for HIPAA physical safeguards, PCI-DSS facility controls, CMMC physical protection requirements, CJIS physical access. Retention mapping, training records, drill documentation — the paperwork that turns a deployment into a defensible program.

Frameworks + vendor experience

We’re vendor-agnostic on hardware and platforms — frameworks first, then the system that fits. References below are the frameworks we work to and a sample of the platforms our team has deployed and operated. We support most major vendor environments and adapt to what you already run.

Frequently asked

Do you install cameras?

Our core practice is consulting, project management, policy, and risk assessment. When deployment is part of the engagement, we lead vendor selection and project-manage installation through commissioning and handoff. We use licensed installers (employed or sub-contracted) — your engagement is with us; we own the outcome.

Do I have to buy a specific vendor?

No. We’re vendor-neutral. We have working experience with Verkada, Salient, Avigilon, Honeywell, Genetec, Hanwha and others. We recommend the platform that matches your environment, footprint, integration needs, and budget — not what we resell.

What does a critical-infrastructure engagement look like?

Risk assessment scoped to your sector (NIST 800-82 for OT environments, AWIA for water systems, NERC CIP physical safeguards for power, HIPAA physical safeguards for healthcare), documented threat model, policy development, vendor RFP, deployment oversight, and post-deployment compliance evidence. We coordinate with your safety, compliance, and engineering teams.

Can you write our physical security policy?

Yes. Standalone policy work — access control, surveillance + retention, incident response, visitor management — is one of our most-requested engagements. Outcome is a board-ready, auditor-friendly policy set tailored to your operation, not a template library handoff.

What's the typical engagement?

Risk assessment + documented report: ~7–14 business days. Policy development: 2–4 weeks. Vendor RFP and selection support: 3–6 weeks. Deployment project management runs the duration of the install — typically 4–16 weeks depending on scope. Larger critical-infrastructure projects are scoped individually.

Ready to see where you stand?

A short call, an honest assessment, and a written plan. No pressure to switch providers if you’re already in good hands.