A security area must have a clearly defined visible boundary. If the area does not have a storage solution assessed as sufficient for information storage, the walls, floor, ceiling, windows, and doors must provide the level of security required for storing the information.

Openings in the area that are not used for passage must be lockable or closed off with bars or strong steel grilles, in order to reliably control access to the area. Such openings must be monitored by an intrusion detection system if the area is not staffed around the clock or if the premises are not inspected at the end of normal working hours and at random times outside working hours.

The structures of the area must be reinforced if classified information is stored there and the risk of forced entry is assessed as likely. In such cases, the boundary and structures of the area should be made of concrete, steel, brick, or strong wood. Inadequate structures, such as normal office construction, must be reinforced. These reinforcements must be evaluated in relation to the additional protection provided by the surrounding premises and the response time of security personnel.

Emergency exits must not pass through the security area.