Physical Security Policy

Updated Annually


The Physical Security Policy is implemented in order to ensure both the safety of the organizational computer systems as well as additional physical resources on the company premises.


The Physical Security Policy is intended to ensure that physical computer resources and information resources are properly protected physically.


The Physical Security Policy applies to all company computer systems and information, including printed copies of information that may be sensitive.

Physical Requirements

Appropriate measures in regard to access control, environment, and protection must be in place to properly protect physical computer systems and information resources from physical harm or unauthorized disclosure. These resources include information assets that are not computer-related. All ID123 members are responsible for ensuring that information resources and computer systems have proper and adequate physical security.

  • Access to the office must be logged either electronically or on log sheets. The person getting access must be required to log in and the log-in requirement must not be Places where authentication devices or data storage facilities exist must require access logs records to be maintained.
  • Removal or addition of computer equipment belonging to ID123 must be logged and accounted for within the office.
  • All those who have access to where organizational computer systems are must pass a security background check or be escorted by a staff member who has passed a security background check.
  • Computer equipment that allows access to systems without password controls such as account login must be protected in rooms with proper physical access controls. These controls must include mandatory logging of access and proper construction of the room to prevent the unauthorized break-in.
  • Office premises must be secured in the absence of an authorized employee, with all physical locks on entryway doors engaged.

Policy Compliance

Employees must adhere to the outlined protocol above and following, with special considerations for personal policies.

  • Be alert and aware of suspicious characters in or near the office Report suspicious characters or activities as is appropriate and safe.
  • Keep computer equipment in your possession secure at all times whether on organizational premises or away from the ID123 premises.
  • Report loss or theft of any sensitive documents, memory storage devices, or computer equipment to management and document it with appropriate forms.
  • Be sure information assets being disposed of are disposed of properly in accordance with the Data Destruction Policy, if applicable.


Since proper physical security is critical for protecting the security of the company, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or termination.