Securing your organization’s information isn’t limited to digital operations. Security measures in place on the physical premises are just as important. Different security risks emerge depending on the location of your facilities, the amount of daily foot traffic, and environmental trends. Implementing physical security controls is a requirement for a comprehensive information security program. Before you can begin the process of implementing such physical controls, you need to have a holistic view of your organization's facilities, physical access routes, and current safeguards in place. Conducting a physical site survey and creating a corresponding diagram helps identify the current state of your organization's physical security. It will also highlight weak points in physical security, which can be used to identify necessary physical security controls to implement in your information security program. A site diagram should be based on a basic floor plan of your entire business facility (or facilities), and then overlay and label the following:
- Perimeter
- Doors and other building entrance points
- Asset locations including server rooms/network closets, offices, and private areas.
- Physical access control checkpoints, such as locks, keycard readers, and human security cards.
- Security cameras, with their field of view labeled
- Publicly accessible areas
Once a site survey and site diagram have been created, ensure that the diagram and any other associated documentation are stored and protected with the same procedures afforded to other internal business data.
