The physical security policy defines rules and principles on the protection of information in (semi) public spaces.
The office manager is responsible for implementing this policy.
- Fire alarm and extinguishers should be checked at regular intervals
- Their access should not be blocked
In case a (home) office contains digital or printed information classified as Confidential or Sensitive:
- Hard copies (such as contracts, HR files or customer records) must be stored in a cabinet; this cabinet should be locked when unsupervised
- Office locks should be controlled (e.g. with numbered keys, cards or fobs, of which an inventory is kept under Assets)
- Electronic access rights should be checked periodically
- Alarm codes must not be shared with other tenants
- In case alarm codes are shared internally, they should be changed at regular intervals, at least as part of the HR off boarding process
- Visitors should not be left unattended
- Server rooms should only be accessible to authorized personnel
- HVAC equipment (heating, ventilation and airconditioning) should be regularly maintained
- In case the internet connection is shared with other tenants, or when patch panels, switches or routes are accessible from outside the office, the office network is considered insecure and a VPN must be used
- UTP cables should be shielded from power cables to prevent interference
Updated 7 months ago