All the best technology in the world is useless if an organisation's staff ignore the security policy, but the efficacy of a policy may also be undermined if the organisation neglects the physical security of its premises and business assets. Context recommends a full assessment of an organisation's physical security. This might include a consultant attempting to gain access to a client's building while masquerading as a member of staff, contractor or visitor, then, if they can gain access, investigating how easy it might be for an unauthorised person to move around the building and access networks and data. We can help our clients design and implement access control solutions and policies to prevent this kind of intrusion. We also advise clients on the design and installation of CCTV networks. Furthermore, Context recommends that organisations put in place strict procedures to control the disposal of classified information, and carry out waste security audits, in which we use information found on waste paper thrown away by an organisation to try and launch social engineering or system-based attacks against that organisation.