ISMS/01-policies/physical-security-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00


Title: Physical Security Policy
Document ID: [POL-PHYSICAL-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Physical Security Policy

Purpose

This policy defines BlackDice's high-level requirements for protecting physical environments, assets, and information from unauthorised physical access, damage, or interference.

Scope

This policy applies to offices, shared workspaces, storage areas, endpoint handling, and any other physical locations or facilities used for in-scope business activity. It also applies, where relevant, to third-party facilities that support in-scope operations.

Objectives

  • reduce risk arising from unauthorised physical access or asset loss
  • protect equipment and information used in business operations
  • support secure working across office, remote, and supplier-hosted environments

Principles / Policy Statements

Physical access to locations handling sensitive information or important technology assets must be controlled according to risk and business need.

Equipment and media containing sensitive information must be protected from theft, loss, damage, or unauthorised use.

BlackDice must consider physical risks associated with office environments, remote working, shipped equipment, and any third-party hosting or operational facilities relevant to in-scope services.

Clear desk, screen protection, visitor control, and secure disposal practices should be applied where appropriate to the working environment and information handled.

Physical security responsibilities for supplier or cloud-hosted facilities must be understood as part of supplier and shared-responsibility arrangements.

Roles and Responsibilities

  • [Role] must define physical security expectations.
  • Location and asset owners must apply physical protections appropriate to their environments.
  • Personnel must protect assets and information from avoidable physical exposure.

Compliance / Exceptions

Exceptions to required physical security measures must be documented and approved according to risk.

Monitoring and Review

This policy should be reviewed through incidents, asset issues, supplier assurance, and audit.

  • Information Security Policy
  • Remote Working Policy
  • Asset Management and Acceptable Use Policy
  • Supplier Security Policy

Version Control

| Version | Date | Description of Change | Author |
|---|---|---|---|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |