A.7.2 Physical Entry would include:
- Access Control Policy: A documented access control policy that outlines the organization's procedures for granting physical access to its premises.
- Access Logs: Records of physical access control measures, such as access logs, entry/exit records, and CCTV footage, to track and monitor who enters and exits the premises.
- Access Authorization: Evidence that physical access is granted based on defined roles and responsibilities, and that employees or visitors have appropriate access credentials (ID cards, badges, etc.).
- Visitor Management: Documentation of visitor registration procedures, including sign-in/sign-out logs and visitor badges.
- Physical Barriers: Evidence of physical barriers, such as fences, gates, turnstiles, or access control systems, to control access to restricted areas.
- Security Personnel: Information on security personnel or guards responsible for monitoring physical access.
- Tailgating Prevention: Measures in place to prevent unauthorized individuals from gaining access by tailgating or following authorized personnel without proper authentication.
- Badge Access Control: Verification that badge access control systems are functioning correctly, restricting access to authorized areas only.
- Incident Reporting: Procedures for reporting and investigating any incidents related to physical entry or unauthorized access.
- Compliance with Regulations: Confirmation that the organization's physical entry controls align with relevant legal and regulatory requirements.

By reviewing these pieces of evidence, an auditor can assess whether the organization has implemented effective physical entry controls to prevent unauthorized access to its premises and sensitive areas, thus reducing the risk of physical security breaches and protecting assets, information, and personnel.