(343) 505-6500 info@familysecurity.ca Ottawa, ON — Eastern Ontario
NDAA COMPLIANT · 20+ YEARS FR

Property Management Security Review Checklist for Ottawa & Eastern Ontario

Property management security is categorically different from single-tenant commercial security. A multi-tenant building has shared lobbies, shared mechanical infrastructure, mixed-occupancy operating hours, and a landlord-versus-tenant responsibility split running through every door, camera angle, and credential. A property management security review is the discipline of working through that environment systematically — common areas, tenant boundaries, shared video, parking, mechanical rooms, and PIPEDA-bounded data — producing a defensible record of what is in place, what is missing, and what is drifting out of policy.

This checklist reflects what Family Security looks at during a commercial property management security review across Ottawa & Eastern Ontario. The patterns repeat across downtown Slater and Albert Street office towers, Centretown mixed-use buildings, Westboro low-rise commercial blocks, and Glebe Bank Street corridor properties. The audience is property managers, commercial landlords, facilities leads, and leasing decision-makers using it as a self-audit, RFP scoping input, or insurance-carrier documentation.

Why Property Management Security Is Different

A multi-tenant building is not one security posture. It is a stack of overlapping postures — the building’s, each tenant’s, and the vendors moving through common space. The review separates those layers cleanly before any finding is actionable.

  • Common-area security is the landlord’s contractual responsibility and the surface the building is judged on at lease renewal.
  • Tenant suite boundaries define where building credentials end and tenant credentials begin — a boundary that drifts every time a tenant changes hardware.
  • Shared infrastructure (elevators, mechanical rooms, telecom risers, parking access) carries operational risk for every tenant simultaneously.

A property management security review treats those layers as one audit object. Findings written against the wrong layer are unenforceable.

How We Assess a Property Management Security Posture

The review moves from the building envelope inward: perimeter, tenant boundary, shared vertical circulation, operational back-of-house, video as the cross-cutting layer, then compliance and lifecycle. Order matters — a common-area finding upstream often closes three downstream findings at once.

1. Building Perimeter & Common-Area Access

Family Security technician walking the property perimeter with property manager during an Ottawa multi-tenant building security review
  • Document every exterior door, identify which are landlord- versus tenant-controlled, and confirm each landlord door is on the building access system, not a mechanical key.
  • Verify exterior reader-equipped doors fail secure on credential failure and fail safe on fire alarm — and that the fire-alarm interface is supervised, not assumed.
  • Walk the envelope at the hour the building transitions to after-hours mode; confirm the controller schedule matches the contractual window.
  • Inspect common-area door closers, strikes, and frames for wear; multi-tenant traffic accelerates door-hardware failure.
  • Confirm REX-button bypass behaviour on lobby doors does not allow piggybacking out during business hours.

The most common perimeter finding is mismatched schedules between the access system and the contractual after-hours window — typically a half-hour to ninety minutes of unsupervised exposure no tenant knows about.

2. Tenant Suite Boundaries & Shared Infrastructure

Enterprise commercial multi-tenant deployment showing shared infrastructure and suite-boundary access control in an Ottawa property management context
  • Catalogue every tenant suite door and record whether it is on the building access platform, a tenant-owned platform, or a standalone lockset.
  • For tenants on separate access control systems, document the integration boundary — the tenant’s reader sits inside the building’s fire-life-safety scope but their cardholder database is theirs alone.
  • Identify shared infrastructure crossing the suite boundary: telecom risers, sprinkler valves, supplemental HVAC, and landlord-supplied IT cabling.
  • Confirm tenant move-outs trigger credential revocation in the building system, not just the tenant’s; orphan credentials are the most common audit finding at lease turnover.
  • Where multiple tenants share a Kantech or Lenel backbone, verify the partitioning gives each tenant administrative scope only over their own cardholders.

Tenant boundary drift is the largest source of audit-trail integrity failure in multi-tenant property management. Every changeover without reconciliation widens the gap.

3. Lobby, Elevator & Floor-Access Control

Mobile credential presented at a commercial lobby reader for elevator and tenant floor access in an Ottawa multi-tenant building
  • Document elevator destination-dispatch or floor-call restriction logic and confirm it survives a controller reboot — verify the failure mode is documented, not discovered.
  • Verify lobby turnstiles, speedlanes, or visitor desks have a documented visitor-flow procedure covering credential issue, escort policy, and end-of-day reconciliation.
  • Review elevator floor groups against the tenant directory; floor-access groups frequently lag the lease map by six to eighteen months.
  • Confirm mobile credentials survive a network outage at the building edge — issuance and read paths must be operationally independent.
  • Validate that ground-floor retail tenants do not have lobby access during their non-operating hours.

Floor-access groups not reconciled against the lease map in over a year are the rule, not the exception. The drift is silent until an incident forces a reconstruction.

4. Parking Garage, Loading Areas & After-Hours Routes

Family Security branded service vehicle at a commercial property loading area during an Ottawa multi-tenant building parking and after-hours route review
  • Walk the after-hours entry route a tenant employee actually uses — garage, elevator lobby, suite door — and document every credential read along the way.
  • Identify the loading-dock access procedure: scheduled, escorted, or open-on-request, and confirm the audit trail is consistent with the procedure.
  • Verify parking-gate credentials are revoked under the same discipline as building credentials; parking is the most commonly forgotten revocation surface.
  • Confirm camera coverage of garage and loading-dock includes identification-grade angles at choke points, not only detection-grade overviews.
  • Document after-hours routes for vendors and contractors separately from tenants — the two flows share hardware but require different escort and logging.

Parking and loading are where landlord, tenant, and contractor scopes converge with the least documentation. A written route validated against the audit trail closes most recurring findings here.

5. Mechanical, Electrical & Telecom Rooms

IT rack with network access controller and structured cabling in a commercial mechanical and telecom room during an Ottawa property management security review
  • Inventory every mechanical, electrical, sprinkler, and telecom room and confirm each is on the access platform — not a master key — with a unique access group.
  • Verify the access-group review for mechanical rooms runs on a schedule with documented sign-off; vendor cards accumulate here faster than anywhere else in the building.
  • Inspect the telecom riser room for unauthorized cross-connect work; tenant network changes often touch shared infrastructure without notice.
  • Confirm cameras at mechanical-room entries record on motion with a defensible retention window, not continuous low-quality capture.
  • Document equipment lineage for head-end controllers, NVRs, and building automation panels — manufacturer, model, firmware, last-known-good configuration.

The telecom and mechanical rooms are the highest-consequence interior spaces in a multi-tenant building. Access-group review here is the highest-leverage control in the review.

6. Video Coverage of Common Areas

Technician at monitoring workstation reviewing live common-area CCTV during an Ottawa property management security review
  • Walk every common-area camera and classify the angle as identification-grade, detection-grade, or context-only at the relevant focal distance — not the manufacturer’s spec sheet distance.
  • Verify retention sizing against the building’s policy and the longest defensible window required by any tenant lease or insurance carrier — the higher of the two governs.
  • Confirm placements at lobby reception, elevator entry, garage entry, and loading-dock entry capture a usable face shot at the choke point, not a ceiling-down overview.
  • Audit the video management system for the access-group structure controlling clip export — the most commonly mis-permissioned function in multi-tenant video surveillance systems.
  • Confirm camera and NVR firmware are documented, current, and reviewed on a schedule.

A common finding: cameras covering the lobby ceiling but not capturing a usable identification-grade face at reception. Coverage on a floor plan and coverage at the actual choke point are different audits.

7. Multi-Tenant Compliance, Privacy & PIPEDA

  • Confirm every camera and reader installed in or after 2022 has documented NDAA Section 889 compliance, and that purchasing standards enforce it forward.
  • Audit video and access data retention against PIPEDA proportionality — retain only what is necessary for the documented purpose.
  • Verify a written notice of video surveillance is posted at every public entry consistent with Office of the Privacy Commissioner guidance.
  • Document data-handling agreements with any monitoring provider, integrator, or vendor touching building video or cardholder data.
  • For federal-adjacent or government tenants, confirm installed-hardware supply chain aligns with the tenant’s procurement requirements, not only the building’s.

An NDAA-compliant security posture is no longer optional for buildings courting professional-services, legal, or federal-adjacent tenants. The compliance question gets asked in leasing, not after.

8. Maintenance, Lifecycle & Tenant Handovers

  • Confirm a documented preventive security system maintenance schedule covers cameras, access control, intercoms, and intrusion — and has been executed against in the last twelve months.
  • Inventory equipment lineage for every camera, controller, reader, and NVR — manufacturer, model, firmware, install date, warranty status.
  • Document tenant move-in and move-out credential provisioning and revocation in writing, with sign-off, not as tribal knowledge.
  • Identify equipment within twenty-four months of end-of-support and document planned replacement in the capital plan.
  • Confirm a single accountable party owns the building’s commercial security integration — not three sub-contractors with overlapping scope and no master plan.

Lifecycle drift is the slowest finding to surface and the most expensive to remediate. A clean equipment lineage record pays for itself every renewal.

Common Findings in Ottawa Property Management Security Reviews

Across downtown Ottawa towers, Centretown mixed-use, Westboro low-rise commercial, and the Glebe Bank Street corridor, the same pattern recurs. The list below is what the review writes up after the walkthrough.

  • Access-group memberships that no longer match the tenant directory or lease map.
  • Orphan credentials belonging to ex-tenants, ex-vendors, or ex-employees of current tenants.
  • After-hours schedules drifting from contractually documented building hours.
  • Camera angles covering the floor plan but not the identification-grade choke point at lobby, elevator, or loading dock.
  • Retention windows shorter than the longest tenant-lease or insurance-carrier requirement.
  • Mechanical and telecom room access lists accumulating vendor and contractor cards without periodic review.
  • Hardware purchased before NDAA Section 889 awareness, still installed, still active.
  • Three or more sub-contractor relationships overlapping with no single accountable integrator.
  • Parking-gate credentials issued under a different revocation discipline than building credentials.
  • Equipment within twenty-four months of end-of-support with no capital-plan replacement.

These findings are not failures of any one decision. They are the compound result of tenant churn, vendor turnover, and capital cycles operating against a posture not formally reviewed against its own documentation. A property management security review puts the record back in alignment with the building.

When to Schedule a Property Management Security Review

A property management security review is most useful when scheduled against a specific operational trigger. The trigger establishes scope and deliverable.

  • A change in building ownership or management contract — the new operator inherits the posture and needs a baseline record.
  • A new anchor tenant signing a lease with security or compliance language — the review becomes input to the build-out.
  • An insurance carrier requirement at policy renewal — the review produces the documentation the carrier asks for.
  • Procurement scoping for a major video, access control, or intercom upgrade — the review feeds the RFP.
  • An incident in or near the building — the review documents what was in place and what changes since.
  • A federal-adjacent or professional-services tenant joining the building — the review confirms NDAA, PIPEDA, and supply-chain alignment.
  • A capital planning cycle — the review identifies equipment within twenty-four months of end-of-support before the budget closes.

The deliverable is documented findings, a prioritized remediation list, and a scoped upgrade path — written against the building, tenant directory, and equipment lineage. The Office of the Privacy Commissioner of Canada’s guidance on overt video surveillance by private-sector organizations is the institutional reference for the PIPEDA proportionality language used throughout.

Next Step

Family Security is a commercial security integrator serving property managers, landlords, and facilities leads across Ottawa & Eastern Ontario. The property management security review puts a building’s posture back in alignment with its documentation, tenant directory, and capital plan — before the next lease renewal, insurance cycle, or incident exposes the drift.

A SiteScope property management security review ends with a structured Technician Review Note, not a quote. The note documents what is in place, what is missing, what is drifting, and the prioritized remediation path — in language a property manager can hand to the landlord, insurance carrier, or incoming anchor tenant.

Book a SiteScope property assessment
Talk to a commercial security specialist