Guide to ISO 27001 Physical and Environmental Security


Information security is often considered in terms of cyber threats, such as criminal hacking and fraud, but it’s just as much about physical and environmental risks.


This includes things such as the improper disposal of physical records, unauthorised personnel in the premises and property damage.


ISO 27001, the international standard for information security, contains a framework for addressing these risks.


The guidance can be found in Annex A.11. In this blog we break down each of its six sections and help you understand the steps you must take to secure your organisation.


A.11.1.1 Physical Security Perimeter


Annex A.11 begins with organisations’ physical security perimeter requirements. It states that organisations must establish secure areas of the premises that prevent unauthorised people from accessing sensitive information and information assets.


The Standard defines a physical security perimeter in broad terms, referring to it as “any transition boundary between two areas of differing security protection requirements”.


In practice, this could be the border between the inside and outside of a building, between a corridor and an office or between the inside and outside of a storage cabinet.


The border could also be entirely external, separating the outer premises from the surrounding land.


Additionally, organisations must establish physical security perimeters for remote workers and other employees or third parties who access sensitive information outside the company’s premises.


A.11.1.2 Physical Entry Controls


Once you have identified physical security perimeters, you must implement entry controls to govern who can move between secure areas of the premises.


The most common example of this will be keycodes issued to employees so that they can e ..
