A 10-Point Checklist for Your Next Warehouse Security Audit: (Based on TAPA Level A Standards)
Cargo crime across the UK has evolved into a highly coordinated, intelligence-led threat. According to insights from the Transported Asset Protection Association’s Incident Information Service (IIS), organised cargo theft continues to rise year-on-year, with criminals targeting predictable routes and facilities—particularly those operating along key corridors near Heathrow and the M25.
This checklist is based explicitly on TAPA FSR 2023 Level A, the most stringent facility security requirement currently available. Even if your warehouse is not pursuing formal certification, auditing against this standard delivers measurable benefits: reduced insurance premiums, lower shrinkage, and increased trust from high-value clients.
From extensive operational experience across London’s logistics network, one reality is clear: the warehouses that get targeted are rarely the ones with the worst technology—they are the ones with the weakest discipline.
Perimeter and Outer Shell Integrity
A compliant perimeter under TAPA FSR 2023 Level A requires fencing of at least 2.5 metres, reinforced with anti-climb features such as rotating spikes or angled toppings. However, the audit should go beyond specification and focus on condition. Weak joints, corrosion, or poorly secured sections are common failure points.
TAPA strongly favours a minimalist approach to entry points. Each additional gate introduces complexity and risk. A well-audited site will have clearly defined, limited points of entry, all actively monitored.
Natural surveillance is a critical but often underutilised concept. Landscaping should eliminate hiding places, while lighting ensures full visibility without creating a fortress-like environment. The goal is deterrence through visibility, not intimidation.
Access Control and the Rule of Least Privilege
Under Level A, access control must reflect the principle of least privilege. Employees should only access zones essential to their role, and permissions should be dynamically reviewed.
For high-value areas, multi-factor authentication is strongly recommended. This typically combines access cards with biometrics such as fingerprint recognition. Compared to standalone fobs, MFA significantly reduces the risk of credential misuse.
An additional best practice at Level A is the Two-Person Rule for high-value cages. No single individual should be able to access the most sensitive goods alone. This simple control dramatically reduces insider threat risk and creates built-in accountability.
Visitor protocols must be uncompromising. All visitors should be pre-registered, logged on arrival, issued time-bound credentials, and escorted at all times. Expired badges should be automatically invalidated.
A robust audit includes behavioural testing. Tailgating and piggybacking scenarios should be simulated regularly to assess whether staff challenge unauthorised access attempts.
CCTV and Video Surveillance Architecture
A TAPA-compliant CCTV system must eliminate single points of failure. This means NVR redundancy, backup storage, and overlapping camera coverage in critical zones.
TAPA FSR 2023 specifies a minimum 90-day retention period, with sufficient resolution to enable facial identification at entry points. Pixel density must be calibrated for identification, not just general monitoring.
Modern systems should incorporate edge-based analytics, where processing occurs directly on the camera. This reduces latency and allows real-time alerts for behaviours such as loitering or perimeter breaches, even if network connectivity is disrupted.
Security Lighting and Emergency Power
Lighting must meet defined lux thresholds to ensure both safety and surveillance effectiveness. Under TAPA guidance, general areas should maintain a minimum of 5 lux, while identification-sensitive zones, such as entry points and access control areas, require significantly higher illumination.
Lighting audits should always be conducted during night conditions to validate real-world performance.
Power resilience is equally critical. UPS systems must sustain all security infrastructure, including CCTV, access control, and alarm systems, for extended periods during outages. In high-risk environments, systems should remain operational for several hours, not minutes.
Intrusion Detection Systems
Level A environments require layered intrusion detection. Dual-technology sensors, combining passive infrared (PIR) and microwave detection, are standard to reduce false alarms while maintaining sensitivity.
All alarms must be connected to a Grade A1 central monitoring station, ensuring immediate response capability. An unmonitored system does not meet the intent of TAPA compliance.
High-Value Storage Areas
High-value storage areas must be fully enclosed with five-sided protection, including floor and ceiling integrity where applicable. These cages are controlled environments designed to resist both external intrusion and internal misuse.
Access should be tightly restricted, logged, and monitored. Dedicated alarm zones must trigger immediate escalation, ensuring that any breach receives priority response.
Dock and Shipping Bay Security
Loading docks represent one of the highest-risk areas in any warehouse. Operational pressure and constant movement create opportunities for exploitation.
Trailer seals must comply with ISO 17712 standards, with strict verification protocols at both arrival and dispatch. Drivers must be validated against a pre-approved expected arrivals list without exception.
Pre-loading remains a critical vulnerability. Goods left on docks overnight are exposed regardless of surrounding controls. TAPA best practice strongly discourages this, advocating tightly scheduled loading operations.
Personnel Security and Internal Threats
All personnel with access to sensitive areas should be vetted in accordance with BS7858 standards. However, compliance alone is insufficient without a strong security culture.
Employees must feel responsible for security and empowered to report suspicious behaviour. A disengaged workforce creates blind spots that no technology can compensate for.
Facility design also plays a role. Staff lockers should be located outside operational areas to reduce opportunities for concealment or unauthorised removal of goods.
IT and Cybersecurity for Physical Security
Physical security systems are increasingly dependent on digital infrastructure. IP cameras, access control systems, and IoT devices can all serve as entry points if improperly secured.
A critical but often overlooked risk is port security. For example, a camera mounted 2.5 metres high may appear secure, but if its ethernet cable or network port is accessible, an intruder can connect a device and gain network access. This creates a direct bridge between physical and cyber vulnerabilities.
Unencrypted devices further increase exposure. Attackers can intercept or manipulate data if proper encryption is not enforced.
Best practice requires network segregation, with all security systems operating on a dedicated VLAN, completely isolated from corporate IT and guest networks.
Testing, Training, and Drills
Testing must be systematic and frequent. Leading facilities conduct quarterly red-team exercises to simulate real-world attacks, alongside bi-annual penetration tests for both physical and cyber systems.
Incident response training ensures that staff can act immediately and effectively in high-pressure situations. Procedures must be clear, rehearsed, and regularly updated.
Operational Reality vs. Compliance: The Shadow Audit
One of the most valuable additions to any audit process is the concept of a “shadow audit.” This focuses not on what systems are installed, but on how they are actually used.
In practice, staff often bypass controls for convenience. Secure doors may be propped open, access cards shared, or visitor procedures ignored during busy periods. These behaviours create vulnerabilities that no checklist can detect unless actively observed.
A shadow audit examines intent and behaviour. It answers a critical question: are your systems being followed, or quietly bypassed?
Visualising Security: The Concentric Circles of Protection
A useful way to understand TAPA Level A is through a layered security model:
Outer Circle: Perimeter fencing, gates, lighting
Middle Circle: Access control, guards, visitor management
Inner Circle: Surveillance, intrusion detection, analytics
Core Circle: High-value storage areas and restricted zones
Each circle acts as an independent barrier. If one layer fails, the next continues to provide protection. This “defence in depth” model is central to Level A compliance.
The Business Case: From Cost Centre to ROI
Aligning with TAPA FSR 2023 Level A is not just about compliance; it is a financial strategy.
Warehouses that meet Level A standards often experience:
Insurance premium reductions in the range of 10% to 25%, depending on risk profile
Noticeable decreases in shrinkage and loss incidents
Increased eligibility for high-value contracts, particularly in sectors like pharmaceuticals and electronics
In many cases, the return on investment is achieved within 12 to 24 months.
Common Failures That Undermine Security
Even well-equipped warehouses fail audits due to simple oversights. Fire exits left propped open, outdated access credentials assigned to former employees, and poorly maintained cameras are recurring issues.
These are not technology failures. They are discipline failures, and they are exactly what organised cargo crime groups exploit.
From Compliance to Competitive Advantage
A warehouse security audit aligned with TAPA FSR 2023 Level A is far more than a regulatory exercise. It is a strategic differentiator.
In a competitive logistics market like London, the ability to demonstrate rigorous, independently benchmarked security can be the deciding factor in winning contracts with global retailers and pharmaceutical companies.
When executed properly, security becomes more than protection. It becomes proof of reliability, professionalism, and trust across the entire supply chain.
