The Physical Security Policy is intended to ensure that physical computer resources and information resources are properly protected physically.
The Physical Security Policy applies to all company computer systems and information, including printed copies of information which may be sensitive.
Appropriate measures in regard to access control, environment, and protection must be in place to properly protect physical computer systems and information resources from physical harm or unauthorized access and disclosure. These resources include informational assets that are not computer related. All employees, vendors, contractors and partners are responsible for ensuring that information resources and computer systems have proper and adequate physical security.
Access to the office must be logged either electronically or on log sheets. The person getting access must be required to log in and the log in requirement must not be voluntary. Places where authentication devices or data storage facilities exist must require access logs records to be maintained.
- Removal or addition of computer equipment belonging to the company must be logged and accounted for within the office.
- All those who have access to where organizational computer systems are must pass a security background check or be escorted by a staff member who has passed a security background check.
- Computer equipment that allows access to systems without password controls such as account login must be protected in rooms with proper physical access controls. These controls must include mandatory logging of access and proper construction of the room to prevent unauthorized break-in.
- Office premises must be secured in the absence of an authorized employee, with all physical locks on entryway doors engaged.
Employees must adhere to the outlined protocol above and following, with special considerations for personal policies.
- Be alert and aware of suspicious characters in or near office premises. Report suspicious characters or activities as is appropriate and safe.
- Keep computer equipment in your possession secure at all times whether on organizational premises or away from the company premises.
- Report loss or theft of any sensitive documents, memory storage devices, or computer equipment to management and document it with appropriate forms.
- Be sure information assets being disposed of are disposed of properly in accordance with the Data Destruction Policy, if applicable.
Since proper physical security is critical for protecting the security of the company, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or termination.