Physical and Environmental Security Policy - Risk Management


Physical security is the protection of people and property from physical harm. It is related to risk management because it is one of the ways to reduce the likelihood or impact of a risk. 


Business Management will work reasonably to ensure that Business-owned facilities are accessed only by authorized workforce members or third-party vendors. The general public should not be allowed access to areas where confidential data is stored, in any form, unless escorted by an authorized workforce member.

The Security Officer or designee shall implement processes, policies, and procedures to safeguard Business facilities, the equipment located at the facilities, and any confidential data stored at the facilities from unauthorized physical access, tampering, and theft through physical access control devices and workforce monitoring.

It is the policy of Business to limit and control access to Business facilities where workstations, servers, and other hardware and software are located. Access controls include validating a workforce member’s access based on role or function and controlling visitors as outlined in the Third Party/Visitor Access Policy. It is also the policy of Business to control access to software programs for testing and revision by third-party vendors.

Business shall track any changes in facilities that impact physical security, e.g., changing locks, adding electronic access control devices, or adding media storage area locks. A review of facility changes should be conducted periodically to help ensure that changes do not compromise the physical security of a site and that any new additions to the physical security of a site are accomplished in a manner that protects the workforce, individuals, and confidential data, electronic or non-electronic.