3 ensuring physical and data security

Ensuring Physical and Data Security

Physical Security Issues

Infiltration/exfiltration of physical property: activities such as bringing removable media in and out of a facility

Improper termination of an employee’s physical access or access badge

Unauthorized access to facility: employees entering facilities during unusual hours or unauthorized employees walking through an open door behind an authorized employee (known as "piggybacking")

Generally poor physical security: general issues such as insufficient guard oversight or insufficient separation of duties for physical access controls

Employee used an unauthorized workstation: employees who are able to physically enter another employee’s office/workspace and access their workstation

Breaking and entering/physical destruction: employees breaking into secure spaces or stealing physical equipment

Janitorial staff issues: janitorial staff who steal sensitive information or are socially engineered into violating physical security

Improper disposal or destruction of organization information

Policy Requirements

Entry Authorization for Permanent or Temporary Employees Access to your premises by all permanent

or temporary (including agency or fixed term contract) employees to designated areas is approved by HR.

No permanent or temporary employees may be taken on without the prior approval of HR.

Access Procedures Controlling physical access to areas in the

workplace is a way to keep the business safe.

Visitor Access Controls Visitors attending meetings should be

registered with Reception by the meeting organizer in advance of the meeting taking place preferably by an email but if necessary by calling Reception…

Carrying Identification Badges/Swipe cards All users are required to carry

their identification badges/swipe cards at all times such that their identity may be easily verified if challenged.

Challenging Strangers Reception and the overnight and weekend security

guards are required to challenge strangers when entering the building without an identification badge…

Reporting Lost or Stolen Identification Badges /Swipe Cards

Forgotten Identification Badges /Swipe Cards Employees who have forgotten

their swipe cards must obtain a temporary access pass from Reception when they arrive at work…

Storage of Sensitive Assets Employees must ensure that sensitive

assets held at offices are kept secure. Employees must ensure they adhere

to the Tidy and Secure Desk Policy & Guidance in all office areas at the offices.