Physical security policy

Summary

The physical security policy defines rules and principles on the protection of information in (semi) public spaces.

The office manager is responsible for implementing this policy.

Principles

Physical protection

  • Fire alarms and extinguishers should be checked at regular intervals
  • Access to them should not be blocked

In case a (home) office contains digital or printed information classified as Confidential or Sensitive:

  • Hard copies (such as contracts, HR files or customer records) must be stored in a cabinet; this cabinet should be locked when unsupervised
  • Office locks should be controlled (e.g. with numbered keys, cards or fobs, of which an inventory is kept under Assets)
  • Electronic access rights should be checked periodically
  • Alarm codes must not be shared with other tenants
  • In case alarm codes are shared internally, they should be changed at regular intervals, at least as part of the HR offboarding process
  • Visitors should not be left unattended

Server rooms

  • Server rooms should only be accessible to authorized personnel
  • HVAC equipment (heating, ventilation and air conditioning) should be regularly maintained

Network protection

  • In case the internet connection is shared with other tenants, or when patch panels, switches or routers are accessible from outside the office, the office network is considered insecure and a VPN must be used
  • UTP cables should be shielded from power cables to prevent interference
