Author Stuart Barker
Thieves are banking on you being ‘relaxed’ with your valuables.
You are most vulnerable to theft in social situations. It goes without saying. In today's age, where our lives and our businesses are on our phones, gadgets, laptops and devices, it is no wonder they are a primary target for thieves.
Top 5 Physical Tips to Be Secure
- Keep an eye on your valuables
- Do not leave valuables on the table
- Leave the laptop or tablet at work
- If you have to take your laptop or tablet out then lock it in the boot of your car
- Lock things away
It’s good to catch up with friends or colleagues or have a business meeting. Remember that the theft of laptops and gadgets is on the increase. See this article, which relates to 600 laptops and 83 iPads being stolen from the BBC.
ISO 27001 Physical Security
ISO 27001 is the international standard for information security. It is an information security management system. Part of it looks at physical security. Physical security is arguably the easiest part of cyber security to get right.
ISO 27001 Section 11 Physical and Environmental Security
The ISO 27001 standard covers Physical and Environmental Security in section 11. There are a number of sub-clauses that all go towards meeting the objective, which is to prevent unauthorised physical access, damage and interference to the organisation’s information and information processing facilities. ISO 27001 is quite prescriptive for physical security, and the following controls are best practice that you would be expected to have in place.
ISO 27001 A.11.1.1 Physical security perimeter
Security perimeters shall be defined and used to protect areas that contain either sensitive or critical information and information processing facilities.
ISO 27001 A.11.1.2 Physical entry controls
Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.
ISO 27001 A.11.1.3 Securing offices, rooms and facilities
Physical security for offices, rooms and facilities shall be designed and applied.
ISO 27001 A.11.1.4 Protecting against external and environmental threats
Physical protection against natural disasters, malicious attack or accidents shall be designed and applied.
ISO 27001 A.11.1.5 Working in secure areas
Procedures for working in secure areas shall be designed and applied.
ISO 27001 A.11.1.6 Delivery and loading areas
Access points such as delivery and loading areas and other points where unauthorized persons could enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access.
ISO 27001 A.11.2 Equipment
Objective: To prevent loss, damage, theft or compromise of assets and interruption to the organization’s operations.
ISO 27001 A.11.2.1 Equipment siting and protection
Equipment shall be sited and protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access.
ISO 27001 A.11.2.2 Supporting utilities
Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities.
ISO 27001 A.11.2.3 Cabling security
Power and telecommunications cabling carrying data or supporting information services shall be protected from interception, interference or damage.
ISO 27001 A.11.2.4 Equipment maintenance
Equipment shall be correctly maintained to ensure its continued availability and integrity.
ISO 27001 A.11.2.5 Removal of assets
Equipment, information or software shall not be taken off-site without prior authorization.
ISO 27001 A.11.2.6 Security of equipment and assets off-premises
Security shall be applied to off-site assets taking into account the different risks of working outside the organization’s premises.
ISO 27001 A.11.2.7 Secure disposal or re-use of equipment
All items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.
ISO 27001 A.11.2.8 Unattended user equipment
Users shall ensure that unattended equipment has appropriate protection.
ISO 27001 A.11.2.9 Clear desk and clear screen policy
A clear desk policy for papers and removable storage media and a clear screen policy
Having an ISO 27001 policy document that covers how you will physically protect your environment is a great first step. Implementing ISO 27001 and gaining ISO 27001 certification is becoming a must-have for business. ISO 27001 certification is quick, simple and affordable, and we are here to provide you with the essential protection of your data in a low-impact, pain-free approach.