How to Commission a TSCM Sweep: A Buyer's Guide for Security Officers
Commissioning a TSCM sweep requires understanding what a credible engagement looks like before the provider arrives. This guide covers scope definition, provider vetting criteria, sweep methodology, and what the sweep report should contain.
Commissioning a TSCM sweep requires knowing what a credible engagement looks like before the provider arrives. The key factors are provider vetting (military/intelligence background, not commercial IT), scope definition (facility plus vehicles plus communications infrastructure), methodology transparency (full-spectrum RF, acoustic, optical, NLJD, network, TEMPEST — not just one technique), operational security during the engagement, and the format of the sweep report. Getting any of these wrong produces a false sense of security rather than an actual one.
The market for TSCM services is crowded with providers whose technical capability ranges from professional to theatrical. The consequence of choosing the wrong provider is not a poor service experience — it is an undetected surveillance device. This guide covers what security officers and facility managers need to know before commissioning a sweep.
Step 1: Define the Scope Before You Brief Any Provider
A TSCM sweep should cover the full technical attack surface, not just the room where sensitive meetings occur. Define the scope to include all areas where sensitive discussions take place, adjacent rooms and corridors that share walls with the target area, the building's telecommunications infrastructure (patch panels, risers, phone lines), HVAC ducts and utility conduits that pass through the secure zone, and any vehicles regularly used by principals whose discussions are a surveillance target.
Providers who limit the sweep to the obvious target room without questioning scope are not operating to professional standards. A device placed in an adjacent space or building infrastructure can still intercept conversations in the target room.
Step 2: Vet the Provider
TSCM is a technical discipline derived from military signals intelligence and counter-intelligence methodology. The relevant background for a credible TSCM operator is military SIGINT, ELINT, counter-intelligence, or equivalent intelligence-agency service — not commercial IT security, alarm installation, or private investigation. Ask the provider:
- What are your operators' professional backgrounds? Verify, don't accept claims.
- What equipment do you deploy? Credible providers carry RF spectrum analysers, NLJDs (non-linear junction detectors), acoustic detectors, optical detection equipment, and network inspection tools.
- What is your sweep methodology? It should cover RF, acoustic, optical, NLJD, network, and TEMPEST as a minimum.
- Who receives the sweep report, and how is it transmitted? It should be handled as a classified document.
- What vetting do your operators hold? Relevant security clearances and documented background checks are baseline.
Step 3: Manage Operational Security Around the Sweep
The value of a TSCM sweep depends critically on operational security during the engagement. If an adversary who has placed a device learns that a sweep is scheduled, they may deactivate the device for the duration. Sweep scheduling should be handled on a need-to-know basis, with as short a lead time as operationally possible. The sweep team should not be briefed on the specific threat concern — only the scope and access requirements.
For high-threat environments, Mission Support conducts sweeps under operational cover where the true purpose of the team's visit is not apparent to building occupants beyond the immediate security officer.
Step 4: Understand What the Sweep Report Should Contain
A professional TSCM sweep report documents the methodology applied, equipment deployed, areas and infrastructure covered, findings (positive or negative), and recommended mitigations. A report that simply states "no devices found" without documenting the methodology is not a credible sweep report — it provides no basis for confidence. The report should be suitable for use by a government security officer, legal counsel, or insurance assessor, and should be treated as a classified document in its own right.
Step 5: Establish an Ongoing Programme, Not a One-Off
A single sweep establishes a baseline. It does not guarantee the facility remains clean — an adversary who gains access after the sweep can re-implant. Mission Support recommends sweep programmes with intervals set by threat level: quarterly for high-threat governmental and diplomatic facilities, bi-annually for corporate environments with ongoing sensitive discussions, and event-specific sweeps before any major negotiation or classified meeting.
Frequently Asked
Request a TSCM Assessment
Operational engagements start with a vetted conversation. Mission Support responds inside one working day for governmental and Tier-1 enquiries.
Continue to service briefSecuring a new building — why a TSCM sweep comes first
Moving into a new building — leased or purchased — without a TSCM sweep is one of the most common entry points for corporate and governmental intelligence compromises. Here is why the sweep comes first.
Read next