This domain covers the physical security controls you have implemented to protect your organisation's physical premises.
Answer yes if your organisation has implemented a secure physical perimeter around all of its physical locations. Please provide a Physical Security Policy document (as a PDF file) as evidence or reference a section of a previously provided security policy in the notes.
Answer yes if your organisation uses CCTV cameras on all of its premises entry and exit points.
If your organisation does use CCTV, please state the number of days that the CCTV footage is kept for. If your organisation does not use CCTV, please put 0 (zero). If different retention times are used depending on the CCTV system, please state the different retention times in the notes and enter the lowest retention time in the answer box.
Answer yes if your organisation uses an access control system to control the movement of people in and out of its physical premises, and if this system keeps a digital log of access.
If your organisation does keep physical access logs, please state the number of months that the access logs are kept for. If your organisation does not use a system that allows logging of access, please put 0 (zero). If different retention times are used depending on the access control system, please state the different retention times in the notes and enter the lowest retention time in the answer box.
Answer yes if all of your organisation's physical premises are secured with an alarm that once triggered, is investigated either by a private security team or the police.
Answer yes if all of your organisation's physical premises are staffed 24/7 by an onsite security team, reception team, or both. If security is present for some hours (not 24/7), please answer no and state in the notes section the times during which the premises are manned.
Answer yes if your organisation uses a physical or digital system to record the arrival of visitors, and the time at which they leave the premises.
Answer yes if your organisation requires all visitors to undergo an ID check on arrival to ensure that they are the person that they claim to be.
Answer yes if your organisation uses controls (such as Uninterruptible Power Supplies, UPS) to protect sensitive equipment from power failures.
Answer yes if your organisation disposes of all confidential paper waste in a secure manner (typically either by shredding or incineration), or if a third party is used to dispose of the waste securely.