Facility Security & Penetration Testing
For KRITIS, NIS2, Defense, and Suppliers
Assessing Your Facility Security and Physical Resilience
With the implementation of the NIS2 Directive and the German KRITIS Framework Act, the expectations placed on companies and their security officers have increased significantly. Beyond cybersecurity, organizations must now also demonstrate physical security measures as part of their resilience plans.
A standard guarding service is no longer sufficient to meet these requirements.
RH Security provides you with a reliable foundation to identify and mitigate physical risks, strengthen protection measures, and verify overall resilience. You benefit not only from one-time assessments but, if desired, from ongoing security assurance by our specialized experts.
Who is affected?
Operators of essential and defense-related services including critical-infrastructure entities and suppliers, as well as many medium- and large-sized companies in critical sectors.
You will find a list of these sectors here.
What Challenges need to be addressed?
It is all about Resilience, which means the ability of an organization to prevent disruptions, adapt to change, and restore functionality after an incident.
Common vulnerabilities include:
Weaknesses in perimeters, facilities, and access-control systems
Insider threats
Complex external attack scenarios
Our First Reality Check: The Physical Penetration Test
Physical penetration testing is a central element of our facility-security approach, complementing preventive controls.
We test your protection measures against physical threats such as sabotage, theft, intrusion, or tampering under realistic conditions.
This gives you a true picture of your facility’s resilience, far beyond theoretical risk assessments.
How We Identify Weak Points
Simulated attacks on fences and gates to assess real resistance
Covert testing of coordination and response capabilities between different security units
Identification of weak points in checkpoints and access areas
Evaluation of how technical systems (access control, CCTV) integrate with personnel measures
Your Basis for the Next Steps
A detailed report outlining vulnerabilities, risk levels, and priorities
Recommendations to immediately close identified gaps
Upon request, we develop a customized protection concept to ensure long-term security for your infrastructure
Additional Preventive Facility-Security Controls
Your existing security service remains the operational foundation.
Our role is to act as an independent second layer of assurance.
We examine your measures and routines in depth revealing what may go unnoticed in daily operations.
In our experience, standard guarding services often cannot conduct the covert testing, vulnerability analysis, or in-depth monitoring required for KRITIS- or NIS2-level compliance. Our security specialists are trained to detect emerging external threats early and to identify insider risks as well. This creates an additional layer of protection, helping you to identify and mitigate targeted risks effectively and sustainably.
The Benefits of Our Complementary Controls
Transparent insight into your real security status
Detection of deviations and vulnerabilities
Optimization of procedures and operational routines
Sustainable protection through continuous monitoring
Your Benefits at a Glance
Comprehensive protection combining preventive controls and physical penetration testing
Clear, prioritized results with actionable recommendations
Specialized professionals with KRITIS / NIS2 expertise
Independent second-line assurance alongside your security service
Documentation that ensures transparency and regulatory compliance
Personal Consultation
I am Ivo Schendel, Owner and Managing Director of RH Security. Security is a leadership responsibility, that is why I personally take the time to address your specific concerns.
Together, we analyze your risks and develop solutions that protect your organization while meeting the requirements of the NIS2 Directive and the KRITIS Framework Act.
In addition to Facility Security and Penetration Testing, we also offer:
I look forward to your inquiry.
What our customers say
Frequently Asked Questions about Physical Penetration Testing and Facility Security for KRITIS and NIS2 Entities
What distinguishes a physical penetration test from a standard inspection?
A penetration test evaluates under real-world conditions whether your protection measures for buildings, grounds, and infrastructure actually hold. An inspection merely verifies their presence.
Is a physical penetration test mandatory?
It is not legally required, but it is a recognized and effective method to demonstrate the effectiveness of facility security measures.
How quickly are results available?
You will receive an initial assessment and immediate recommendations promptly, followed by a structured report with prioritized findings.
Do you work with our existing security service?
Yes. RH Security acts as an independent second-line assurance, cooperating with your existing guard service to enhance overall security.
Do you provide other services related to KRITIS and NIS2?
Yes. Including Executive and Delegation Protection and Security Escort for High-Value Transports.
