A.7.1 Physical Security Perimeters would include:
- Physical Barriers: Proof of physical barriers such as fences, walls, gates, or turnstiles that restrict unauthorized access to the organization's premises.
- Access Control Mechanisms: Documentation of access control mechanisms in place at physical entry points, including key cards, biometric systems, security personnel, or other authentication methods.
- Visitor Management: Evidence of visitor management procedures, including visitor logs, identification requirements, and escort policies for visitors without authorized access.
- Surveillance Systems: Verification of surveillance systems, such as CCTV cameras, covering critical areas to monitor and record activities around physical security perimeters.
- Alarm Systems: Records of alarm systems implemented to detect and notify security personnel of any unauthorized attempts to breach physical security perimeters.
- Physical Security Reviews: Documentation of regular physical security reviews and assessments to identify vulnerabilities and ensure compliance with established security standards.
- Security Lighting: Proof of adequate security lighting installed to illuminate key areas around physical security perimeters during non-daylight hours.
- Physical Security Policies and Procedures: Access to documented policies and procedures that outline the organization's approach to physical security, including perimeter protection.
- Incident Reports: Records of any security incidents related to physical security perimeters and the actions taken to address and prevent similar incidents in the future.
- Compliance with Policies and Procedures: Confirmation that employees and personnel adhere to the established physical security policies and procedures.

By examining these pieces of evidence, an auditor can assess the effectiveness of the organization's physical security perimeters in preventing unauthorized access and protecting sensitive areas, assets, and information from potential threats.