Physical security plays a very important role in ISO 27001. Physical
security controls are there to protect the organization's infrastructure, people
and information assets from external and internal threats.
A few areas on which you can focus:
* Should have a physical security policy
* Physical access card controls for doors and datacenter
* Security guards
* Badging procedure (visitor badge, contractor, employees)
* Environmental security - fire and safety procedure / flood / natural disaster etc.
* People trained in firefighting
* Testing of firefighting equipment
* Evacuation process and fire drills
* Laptop entry register
* Tracking the movement of equipment (in/out)
* Secure layout of cables (electrical lines, UPS lines, data cables, leased lines, telecom etc.)
* CCTV for monitoring your critical data processing unit and exit areas
* Biometric access control for your data center
* Review of logs (access control system / CCTV / access card disposal etc.)
* Reporting of physical security incidents
* Ensure racks are under lock and key, and keys are kept in a secure place
* Preventive and corrective maintenance for UPS / gen-set / telecom devices / monitoring system etc.
* Secure disposal procedure
* Security of equipment off-premises (backup tapes, laptops, Blackberry devices etc.)
Hope it helps
Regards
Manunath
-----Original Message-----
From: "shakti velu" <shaktivelu88 (at) gmail (dot) com>
Sent: Tue, July 18, 2006 7:44 pm
To: bs7799 (at) securityfocus (dot) com
Subject: physical security
Hi,
How many physical security concerns need to be addressed in ISO 27001?
Do we need to get into details like biometric access control and
CCTV for datacenter?