3.3.2 Physical Security
No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force
Principle
The Member Organization should ensure all facilities which host information assets are physically protected against intentional and unintentional security events.
Objective
To prevent unauthorized physical access to the Member Organization information assets and to ensure its protection.
Control considerations
1. The physical security process should be defined, approved and implemented.
2. The effectiveness of the physical security process should be monitored, measured and periodically evaluated.
3. The physical security process should include (but not limited to):
   a. physical entry controls (including visitor security);
   b. monitoring and surveillance (e.g., CCTV, ATMs GPS tracking, sensitivity sensors);
   c. protection of data centers and data rooms;
   d. environmental protection;
   e. protection of information assets during lifecycle (including transport and secure disposal, avoiding unauthorized access and (un)intended data leakage).