Secure areas should be protected by appropriate entry controls and access points.
This control is to ensure that only authorised personnel have access to the locations where confidential and sensitive information resides.
Details of the Physical Entry could be a part of the Physical security or information security document. The details should include:
- Restricting access to sites and buildings to authorised personnel. The process for the management of access to be considered
- Maintaining a logbook or electronic audit trail of all access and protecting all logs
- Setting up the reception area ensuring it is not left unattended
- Establishing and implementing technical mechanisms for the management of access to sensitive information locations. This can be achieved by introducing the use of Smart Cards, PIN-enabled locks, and double security doors.
- Ensuring that employees and visitors have distinct and visible IDs / Badges. Most importantly, it is important to develop a culture of asking unknown people to roam around in the premises.
- Physically segregating incoming and outgoing parcels and post.