A.9 Physical and environmental security

A.9.1 Secure areas

Objective: To prevent unauthorized physical access, damage and interference to the organization’s premises and information.

A.9.1.1 Physical security perimeter

Control

Security perimeters (barriers such as walls, card controlled entry gates or manned reception desks) shall be used to protect areas that contain information and information processing facilities.

A.9.1.2 Physical entry controls

Control

Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.

A.9.1.3 Securing offices, rooms and facilities

Control

Physical security for offices, rooms, and facilities shall be designed and applied.

A.9.1.4 Protecting against external and environmental threats

Control

Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster shall be designed and applied.

A.9.1.5 Working in secure areas

Control

Physical protection and guidelines for working in secure areas shall be designed and applied.

A.9.1.6 Public access, delivery and loading areas

Control

Access points such as delivery and loading areas and other points where unauthorized persons may enter the premises shall be controlled and, if possible, isolated from
information processing facilities to avoid unauthorized access.