You secure physical business locations to prevent unauthorised access, damage and interference to personal data.
Ways to meet our expectations:
- You protect secure areas (areas that contain either sensitive or critical information) by appropriate entry controls such as doors and locks, alarms, security lighting or CCTV.
- You have visitor protocols in place such as signing-in procedures, name badges and escorted access.
- You implement additional protection against external and environmental threats in secure areas such as server rooms.
- Office equipment is appropriately placed and protected to reduce the risks from environmental threats and opportunities for unauthorised access.
- You securely store paper records and control access to them.
- You operate a clear desk policy across your organisation where personal data is processed.
- You have regular clear desk 'sweeps' or checks, and issues are fed back appropriately.
- You operate a 'clear screen' policy across your organisation where personal data is processed.
Can you answer yes to the following questions?
- Are printer/fax areas secure?
- Do staff follow protocols and are they clearly communicated?
- Would we see appropriate environmental controls in your secure areas?
- Would a tour of your offices reveal an effective clear desk policy?
- Are screens left unlocked?