
Physical & Environmental Security Policy Information Dynamics
A secure area shall have a preventive mechanism to ensure that
unauthorized individuals do not enter and a detective mechanism to
ensure that all personnel movement into the area is logged.
Access to the secure shall be granted for specific, authorized
purposes and shall be issued with instructions on the security
requirements of the area.
All employees, contractors and third party users and all visitors shall
wear visible identification.
3.1.3. Securing Offices, Rooms and Facilities
The following shall be considered to secure offices, rooms and facilities:
Key facilities shall be sited to avoid access by the public;
Where applicable, buildings shall be unobtrusive and give minimum
indication of their purpose, with no obvious signs, outside or inside
the building; and
Rooms available for information processing shall be lockable and
shall have lockable cabinets & fire proof safes wherever required.
3.1.4. Protecting against external and environmental threats
Physical protection against damage from fire, flood, explosion, civil
unrest, and other forms of natural or man-made disaster shall be
designed and applied;
Hazardous or combustible materials shall be stored at a safe distance
from a secure area;
Proper working of fire prevention/detection/fighting, lightning
conductor and testing of electricity safety measures shall be ensured;
and
Back-up media shall be sited at a safe distance to avoid damage from a
disaster affecting the main site
3.1.5. Working in Secure Areas
Physical protection in secure areas shall be designed and applied. Following
controls shall be enforced:
Information processing facilities like network and server rooms will
be adequately secured using electronic access control system and
access will be restricted to only authorized personnel;
Internal 3 of 5