Physical Security

The physical security requirements, roles and responsibilities, as well as the security areas and controls to be implemented and maintained, are defined in the Physical and Environmental Security Standard.

There are four physical security levels, which are based on the type of information, assets, processes, and services managed within office areas.

Each security area has adequate physical security controls such as access control systems, CCTV surveillance, and environmental protection to safeguard information and other assets.

Access rights to security areas are provided based on the "need to know" and "least privilege" principles, and are reviewed, withdrawn, and audited accordingly. Rules have been defined for issuing, wearing, and returning physical access cards, as well as managing physical keys. Turnstiles, automated doors or other physical barriers are set, and may only be passed with the access cards & rights.

Specific instructions to provide visitors with access and accompany them in designated areas have been defined as well. An access log of visitors is kept in each location.

Physical security measures are be implemented to prevent or mitigate damage by fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. The standard also covers security aspects regarding external areas, delivery and loading areas, and discontinued offices.