Physical Security

Evaluates the governance framework, strategic alignment, and organizational commitment to physical security. Assesses executive oversight, policy frameworks, resource allocation, risk management integration, and regulatory compliance for physical protection measures.

Assesses the organization's approach to facility location selection, architectural security features, and secure design principles. Evaluates geographic risk assessment, building security considerations, and integration of security into facility planning.

Evaluates the organization's external boundary protection including barriers, entry points, detection systems, and surveillance. Assesses first-line defenses against unauthorized access and hostile threats.

Assesses personnel and visitor access management through physical and electronic controls. Evaluates access control technology, visitor management, contractor access, and prevention of unauthorized entry.

Evaluates continuous monitoring capabilities including CCTV systems, alarm monitoring, security operations, and guard force management. Assesses detection, verification, and response capabilities.

Addresses controls for sensitive areas including server rooms, executive areas, and restricted zones. Evaluates secure area classification, entry controls, working procedures, and protection of high-value assets.

Covers protection against environmental threats including fire, flood, temperature, and power issues. Evaluates utility resilience, environmental monitoring, and protection systems for facilities and equipment.

Addresses protection of physical assets, equipment, and storage media throughout their lifecycle. Evaluates asset tracking, off-premises security, media handling, secure disposal, and equipment maintenance security.

Covers validation of physical security measures and continuous improvement processes. Evaluates security assessments, penetration testing, incident analysis, performance metrics, and improvement programs.