A building management system (BMS) enables the capability to control the infrastructure within a building. BMS can be considered a miniature industrial control system, which is much more common to reach and find by users. The legacy architecture of the BMS assumes every device has to be connected physically. Due to this reason, installing a new Internet of Things (IoT) system allows external connections to enable new security loopholes in the existing BMS. Moreover, potential cyber-attacks target the communication between the BMS and IoT devices.In this paper, we created a prototype setup of the BMS with IoT devices to study the deployment and how the system can be installed. We introduced a comprehensive deployment checklist to assess the security posture of IoT solutions, which specifically focused on the BMS system. This checklist is novel to the market as the existing works are mostly targeted to IoT but not fully applicable to BMS.