The first step in the risk assessment process is a comprehensive examination of the defensibility of the property to be secured - identifying the strengths and weaknesses of the terrain and building design, what security precautions are already in place, and finding where additional measures need to be applied.
A complete vulnerability assessment will look at every trait of the property, even those that may not seem to be relevant. All buildings have some form of security even if it may not be apparent, even if it is only the walls themselves. For something as unassuming as a door, one will need to consider the quality and condition of the door, what kind of lock it has, and how often it will need to be used in normal conditions.
A systematic approach needs to be taken to identify all security deficiencies on the property and what form of physical protection plan should be applied to eliminate them, all while working around the limitations that are unique to that property – a security plan must find a way to be effective without intruding on the productivity and culture of the workplace and remaining mindful of what the overall cost to implement the operation will be.