Scribd
Upload
415 views6 pages

Physical Security Policy

Physical Security Policy

Uploaded by

Shah Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
415 views6 pages

Physical Security Policy

Physical Security Policy

Uploaded by

Shah Khan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

PHYSICAL

SECURITY
POLICY

1
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Physical Security Policy
Version Control
Owner Version Edited By Date Change History
IS Rep 0.1 Assent 14/10/2019 First Draft

Distribution
Held Format Location Comments
By
User Digital / Physical

Status
X Status Approved By Date
X Working DD/MM/YYYY
Draft
Provisional Approval
Publication

Classification
Confidential
X Restricted
Unclassified

Relevance to Standard

Standard Clause Title

[ISO 27001:2013] [A11.1.1] [Physical Security Perimeter]


[A11.1.2] [Physical Entry Controls]

License

Licensed by Assent Risk Management via Resilify.io Under a Creative Commons Share Alike License.

2
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Contents

Physical Security Policy____________________________________________________________________________2


Contents_______________________________________________________________________________________________3
Physical Security Policy____________________________________________________________________________4
1.0 Overview______________________________________________________________________________________4
1.1 Principles______________________________________________________________________________________________4

2.0 Policy___________________________________________________________________________________________4
2.1 Secure Perimeter______________________________________________________________________________________4
2.2 End of Day Routine____________________________________________________________________________________4
2.3 Physical Entry_________________________________________________________________________________________4
2.4 Issue of Fobs___________________________________________________________________________________________5
2.5 Lost/Damaged Fobs___________________________________________________________________________________5
2.6 Return of Fobs_________________________________________________________________________________________5
2.7 Access Fob Reviews___________________________________________________________________________________5
2.8 Logging & Monitoring_________________________________________________________________________________6

3.0 Related Policies_______________________________________________________________________________6

3
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Physical Security Policy

1.0 Overview

1.1 Principles

Need-to-know; you are only granted access to the information you need
to perform your tasks (different tasks/roles mean different need-to-know
and hence different access profile).

Need-to-use: you are only granted access to the information processing


facilities (IT equipment, applications, procedures, rooms) you need to
perform your task/job/role.

2.0 Policy

2.1 Secure Perimeter

The organization’s physical security perimeter must be maintained at all


times to reduce the threat of unauthorized access to information assets. 

2.2 End of Day Routine

The last person to leave has responsibilities for securing the premises at
the end of the day and must ensure:

 Meeting Rooms are Cleared,


 Whiteboards are wiped,
 Windows are locked,
 Fire Doors are closed.
 Intruder Alarm is Set.

2.3 Physical Entry


Entry to the organisation’s premises is via fob-controlled doors only.

Please use the fobs provides to gain access to the premises.

Access fobs must not be shared or lent to other users.

4
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Do not permit people to tail-gate through open doors.

All visitors and third parties must report to reception and sign in.

Challenge any strangers on-site who do not appear to be accompanied.

2.4 Issue of Fobs

Access fobs are issued to new starters by the HR department. It is your


responsibility to hold access fobs securely.

Spare fobs are held securely by the HR Department.

Temporary fobs may be issued to visitors and trusted contractors.

2.5 Lost/Damaged Fobs

Lost or damaged access fobs should be reported to the HR Department


immediately

Fobs will be deactivated on the access control system.

For lost fobs, an incident investigation will take place to determine any
additional threats.

2.6 Return of Fobs

Fobs must be returned to the HR Department before leaving the


company.

The HR Department may deactivate fobs before an employee leaves the


business.

2.7 Access Fob Reviews

The HR Department will undertake regular reviews of the fobs which


have been issued and the controlled doors they are assigned to.

Changes will be made as appropriate.

5
© Distributed by Resilify.io under a Creative Commons Share Alike License.
Employees may be asked to confirm that fobs issued to them are still in
their possession.

2.8 Logging & Monitoring

The physical access control system records when fobs are used, and at
which control points. This can be linked to your employee id.

This log information may be used to investigate incidents and in line with
the disciplinary policy.

3.0 Related Policies

Disciplinary Policy
Clear Desk and Screen Policy.

6
© Distributed by Resilify.io under a Creative Commons Share Alike License.

You might also like