CHAPTER 12: Dealing with premises related considerations

Section 01 Premises Security
Section 02 Data Stores
Section 03 Other Premises Issues
Section 01: Premises Security

Policy 120101 Preparing Premises to site Computers
POLICY STATEMENT
“The sites chosen to locate computers and to store data must be suitably protected form physical intrusion, theft, fire, flood and other hazards.”

Policy 120102 Securing Physical Protection of Computer Premises
POLICY STATEMENT
“Computer premises must be safeguarded against unlawful and unauthorized physical intrusion.”

Policy 120103 Ensuring Suitable Environmental Conditions
POLICY STATEMENT
“When locating computers and other hardware, suitable precautions are to be taken to guard against the environmental threats of fire, flood and excessive ambient temperature / humidity.”

Policy 120104 Physical Access Control to Secure Areas
POLICY STATEMENT
“All computer premises must be protected from unauthorized access using an appropriate balance between simple ID cards to more complex technologies to identify, authenticate and monitor all access attempts.”

Policy 120105 Challenging Strangers on the premises
POLICY STATEMENT
“All employees are to be aware of the need to challenge strangers on the organization’s premises.”

Top



Section 02: Data Stores

Policy 120201 Managing On-Site Data Stores
POLICY STATEMENT
“On-site location where data is stored must provide access controls and protection which reduce the risk of loss or damage to an acceptable level.”

Policy 120202 Managing Remote Data Stores
POLICY STATEMENT
“Remote locations where data is stored must provide access controls and protection which reduce the risk of loss or damage to an acceptable level.”

Top



Section 03: Other Premises Issues

Policy 120301 Electronic Eavesdropping
POLICY STATEMENT
“Electronic eavesdropping should be guarded against by using suitable detection mechanisms, which are to be deployed if and when justified by the periodic risk assessments of the organization.”

Policy 120302 Cabling Security
POLICY STATEMENT
“The security of cabling must be reviewed during any upgrades or changes to hardware or premises.”

Policy 120303 Disaster Recovery Plan
POLICY STATEMENT
“Owners of the organization’s information systems must ensure that disaster recovery plans for their systems are developed, tested, and implemented.”

Top