This document defines the Physical Security Policy for the Company. In addition to this policy, each office within the country will maintain a Physical Security plan detailing location specific procedures.
The objective of this policy is to outline the approach to manage physical security in order to ensure that our people, physical infrastructure and assets are resilient and properly protected against a variety of threats. Threats to the security of our people, physical and electronic infrastructure will be assessed through threat and security risk assessments at a variety of levels as determined by IT Security and the wider business needs.
All employees should comply with the clauses that have been identified as applicable to them. They will be responsible for ensuring that relevant visitors and identified third party accessing the Company’s physical and electronic infrastructure and Company information held follow the processes applicable to them.
The scope and statements within this policy shall also apply to all personal data processed by the Company. “Processing” in this context means any operation concerning personal data throughout the information lifecycle; this includes but is not limited to personal data collected, stored, viewed, transferred, analyzed or communicated in hard copy, oral or electronic form.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. SECURE AREAS
3.1 PHYSICAL SECURITY PERIMETER
3.2 SECURING OFFICES, ROOMS AND FACILITIES
3.4 ACCESS CONTROLS
3.5 LOADING AREAS, COURIER POINTS AND PUBLIC ACCESS
3.6 SECURE AND RESTRICTED AREAS
3.7 PROTECTING AGAINST ENVIRONMENTAL THREATS
4. EQUIPMENT SECURITY
4.1 SUPPORTING UTILITIES AND CABLING SECURITY
4.2 EQUIPMENT SECURITY AND MAINTENANCE
4.3 TRANSPORTATION AND SECURITY OF EQUIPMENT OFF PREMISES
4.4 SECURE DISPOSAL OR REUSE OF EQUIPMENT
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of the Configuration Management Procedure is to ensure the integrity and availability of Company information and to prevent damages from uncontrolled configuration changes to all IT and physical infrastructure services that support Company’s systems.
The Pandemic Contingency Procedure represents a pandemic plan at the Company level with the scope of minimizing the negatives effects of a pandemic situation. Contingency planning for a range of risks is a key business activity for all organizations.