
Areas containing key IT infrastructure equipment in particular need to be protected to a greater extent, with access limited to only those who really need to be there. Extra consideration should be given to access being granted to areas in which sensitive or classified information is being processed or stored. The control of visitors will also be especially important, and the processes related to it should be considered. The processes for granting access through the entry controls need to be robust, tested and monitored, and may also need to be logged and audited.

As a really basic example, only those employees who have been given the alarm access code and received a key can access the office. More risk-averse organisations and/or those with more sensitive information at threat might go much deeper with policies that include biometrics and scanning solutions too. Entry controls will need to be selected and implemented based on the nature and location of the area being protected, and the ability to implement such controls if, for example, the location is not owned by the organisation. Secure areas need to be protected by the appropriate entry controls to ensure only authorised personnel are allowed access. As a basic example, offices containing valuable information should only be accessed by employees of that organisation, or by permission being granted for others, e.g. visitors, and external cleaners/facilities maintenance resources who have been approved in line with the supplier policy. This is also related to the risk assessment and risk appetite for an organisation in line with 6.1 actions to address risks and opportunities. Put in simple terms, the organisation must establish secure areas that protect the valuable information and information assets that only authorised people can access. This also dovetails and relates to your Scope in 4.3.

For datacentres and use of rented offices, it is also important to reference these controls with the supplier policy in A15.1 and the numerous other policies that affect home/mobile/teleworkers too.

Workers who travel and therefore use hotels, customer premises etc.
Workers who tend to work from home and
The Data centres that host information assets.
