Operations
How to build a patrol route
A 7-step framework for designing patrol routes that produce audit-ready evidence and resist gaming. Distilled from 12 enterprise deployments — data centers, hospitals, manufacturing plants, multi-tenant office portfolios.
Author: The Field Guide editorial team
Published: 2026-05-09
Reading time: 11 min
1. Start from the threat model, not the floor plan
A common failure mode: the team draws a route that walks the perimeter every 90 minutes because that is what the floor plan suggests, without asking what threat the route is mitigating. The right starting point is a one-page threat model: who would benefit from compromising this site, what assets are at risk, what failure modes the program needs to detect (theft, intrusion, environmental, internal). The route then maps coverage to threats. A data center cage requires four-times-a-day rounds because SOC 2 CC6 expects evidence of physical access controls; an office lobby requires twice-an-evening checks because the threat is opportunistic theft. Same building — different routes.
2. Build the checkpoint inventory before the sequence
Walk the site with the threat model in hand and tag candidate checkpoints. A complete inventory documents: location (floor, room, fixture), threat coverage (which threat the checkpoint mitigates), expected dwell time (how long the guard stays), required action (scan only, scan + photo, scan + form), and tag technology (QR for robust outdoor use, NFC for close-range indoor use, BLE beacon for hard-to-tag locations). Common mistake: treating tag placement as the inventory exercise — placement comes after the inventory is approved by stakeholders (security director, facilities, compliance). Inventory size scales with site complexity: a 10-checkpoint inventory is normal for a single-tenant office; a 200-checkpoint inventory for a regional hospital.
3. Hybrid sequencing — required core + randomized pool
Predictable routes (always 8 PM at the loading dock) are gameable. Fully randomized routes are hard for guards to memorize and hard for clients to audit. The defensible default is hybrid: a core of required checkpoints with mandatory frequency (e.g. mantraps must be visited every 90 minutes) plus a randomized pool sampled per shift. Configure the sampler to ensure minimum coverage (every checkpoint hit at least once per 24 hours) but force unpredictability in the order. Most guard tour platforms support hybrid sequencing natively; if yours does not, treat that as a procurement red flag.
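A sketch of the hybrid sampler described above, added here as an illustration and not taken from any guard tour platform. The checkpoint names, the three 8-hour shifts, the `extras` count and the handover scan at minute 0 of each planning window are assumptions.

```python
import secrets

_rng = secrets.SystemRandom()  # OS CSPRNG, so a plan cannot be replayed from a seed

# Constructed sample site (names and intervals are illustrative).
CORE = {"mantrap-A": 90}  # required checkpoint: maximum minutes between visits
POOL = ["dock", "roof", "lobby", "stair-2", "garage", "mailroom", "chiller"]

def core_times(interval, horizon):
    """Visit minutes for one required checkpoint; no gap exceeds `interval`.

    Assumes a handover scan at minute 0 of every planning window.
    """
    times, t = [0], 0
    while True:
        t += _rng.randint(max(1, interval // 2), interval)  # jittered, never late
        if t >= horizon:
            return times
        times.append(t)

def plan_day(core, pool, shifts=3, shift_minutes=480, extras=2):
    """Build one planning window as a sorted list of (minute, checkpoint)."""
    horizon = shifts * shift_minutes
    plan = [(t, cp) for cp, iv in core.items() for t in core_times(iv, horizon)]
    deck = list(pool)
    _rng.shuffle(deck)
    for s in range(shifts):
        # Minimum coverage: dealing the shuffled deck across the shifts gives
        # every pool checkpoint one guaranteed visit per window.
        mine = deck[s::shifts]
        # Unpredictability: a few surprise repeats drawn from the rest of the pool.
        rest = [cp for cp in pool if cp not in mine]
        mine = mine + _rng.sample(rest, min(extras, len(rest)))
        start = s * shift_minutes
        plan += [(start + _rng.randrange(shift_minutes), cp) for cp in mine]
    return sorted(plan)

def max_gap(plan, checkpoint, horizon):
    """Largest gap between visits, counting the next window's minute-0 scan."""
    times = [t for t, cp in plan if cp == checkpoint] + [horizon]
    return max(b - a for a, b in zip(times, times[1:]))
```

`max_gap` is the check to run over a generated plan before it is published to guards: it confirms the required-frequency guarantee independently of the sampler that produced the plan.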
4. Size geofences to the floor plan, not the GPS spec
Vendors default to 30 m geofence radius because that is roughly the GPS accuracy spec on a clear day. In practice, indoor GPS drift can hit 50-80 m, and tight geofences trigger false alarms that destroy supervisor trust. The pragmatic rule: outdoor geofences at 30 m, indoor geofences at 50 m unless the building footprint is genuinely smaller, and supplement indoor checkpoints with NFC or BLE proximity rather than relying on GPS alone. A two-factor checkpoint (NFC + GPS, both required) is materially harder to spoof than either signal alone, and it tolerates GPS drift gracefully.
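The two-factor rule above as server-side validation, added here as an example and not taken from any vendor's API. The record fields, tag UIDs and coordinates are constructed; the radii are the 30 m and 50 m values from the text.

```python
from math import radians, sin, cos, asin, sqrt

RADIUS_M = {"outdoor": 30, "indoor": 50}  # radii from the rule above

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6_371_000 * asin(sqrt(a))

def verify_scan(checkpoint, scan):
    """Return (accepted, reasons). Both factors must pass; neither is enough alone."""
    reasons = []
    if scan.get("nfc_uid") != checkpoint["nfc_uid"]:
        reasons.append("nfc_mismatch")
    if scan.get("lat") is None or scan.get("lon") is None:
        reasons.append("gps_missing")
    else:
        d = distance_m(checkpoint["lat"], checkpoint["lon"], scan["lat"], scan["lon"])
        if d > RADIUS_M[checkpoint["zone"]]:
            reasons.append(f"outside_geofence:{d:.0f}m")
    return (not reasons, reasons)

# Constructed sample data (hypothetical checkpoint and scans).
SERVER_ROOM = {"nfc_uid": "04A1B2C3", "zone": "indoor", "lat": 40.0, "lon": -75.0}
# Correct tag, GPS fix drifted about 44 m: inside the 50 m indoor radius.
DRIFTED = {"nfc_uid": "04A1B2C3", "lat": 40.0004, "lon": -75.0}
# Correct tag UID reported about 334 m from the checkpoint: GPS factor fails.
TAG_OFFSITE = {"nfc_uid": "04A1B2C3", "lat": 40.003, "lon": -75.0}
# Position matches but no tag was read: NFC factor fails.
GPS_ONLY = {"nfc_uid": None, "lat": 40.0, "lon": -75.0}
```

The rejection reasons are worth storing with the scan record, since a run of `outside_geofence` results on one checkpoint usually points to a radius that is too tight for the building.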
5. Required actions per zone — sized to the threat
Not every checkpoint deserves a photo. Scan-only is appropriate for low-threat zones (corridors, stairwells); scan + photo for medium-threat zones (loading docks, server room exterior); scan + structured form for high-threat zones (chemical storage, classified areas, critical infrastructure perimeters). Sizing actions to threat keeps guard fatigue manageable while ensuring the audit trail is rich where it matters. A common pattern in production: 60% scan-only, 30% scan + photo, 10% scan + form.
6. Exception protocol — what happens when a checkpoint is skipped
Routes break. A guard hits a locked door, a tag fails, a hazmat spill blocks a corridor. The exception protocol is the procedure for documenting these without destroying the audit trail: every skip requires a structured reason code (10-15 codes covering common cases), a free-text note, an optional photo, and either an automatic supervisor notification or a deferred review depending on threat level. Programs that treat skips as silent failures produce audit trails that look defensible but collapse under cross-examination. Programs that treat every skip as a critical alert produce alert fatigue and supervisor burnout.
7. Quarterly review against incident heatmaps
A patrol route designed once and never reviewed becomes a liability. Quarterly review tasks: overlay the route on the past quarter's incident heatmap (theft, alarm activations, environmental events) and ask whether the route covers the hot zones with the right frequency. Move checkpoints, tighten frequencies, retire dead-zone checkpoints. Document changes in a route-change log so the audit trail tells a coherent story even when the route evolves. Insurance underwriters increasingly ask for the route-change log as part of the underwriting package.
Vendor checklist — features your platform must support
Use this list when evaluating a guard tour platform against route quality.
(1) Hybrid sequencing — required + randomized pool, with minimum-coverage guarantees.
(2) Geofence-per-checkpoint configuration with separate indoor/outdoor radii.
(3) Two-factor checkpoint support (NFC + GPS both required, photo as third optional layer).
(4) Structured exception reason codes with custom code support.
(5) Route-change log with diff and reviewer signature.
(6) Incident heatmap visualization overlaid on the route.
(7) Per-zone action templates (scan-only, scan + photo, scan + form).
If the platform fails on any of these, route design quality degrades.