ISO IEC 17799 2000
TRANSLATED INTO PLAIN ENGLISH
 PART 7. PHYSICAL & ENVIRONMENTAL SECURITY

 

ISO 17799 2000 is now OBSOLETE.
Please see ISO 27002 2005 (17799 2005)!
 

THE FOLLOWING MATERIAL IS NOW OBSOLETE

ISO IEC 17799 2000
INFORMATION SECURITY STANDARD

7. PHYSICAL AND ENVIRONMENTAL SECURITY

7.1 USE SECURE AREAS TO PROTECT FACILITIES

COMMENTS

1

Use physical methods to control access
to your information processing facilities.

DO

DONE

N/A

2

Use physical methods to prevent people
from damaging or interfering with your
information processing facilities.

DO

DONE

N/A

3

Identify the areas within your facility that
should receive special protection and be
treated as secure areas.

DO

DONE

N/A

4

Use secure areas to protect sensitive or
critical information processing facilities.

DO

DONE

N/A

5

Use entry controls to protect your
information processing facilities.

DO

DONE

N/A

6

Make sure that your physical protection methods
are commensurate with your security risks.

DO

DONE

N/A

7.1.1 USE PERIMETERS TO PROTECT SECURE AREAS

COMMENTS

7

Use physical security perimeters and barriers
to protect your organization’s information
processing facilities.

DO

DONE

N/A

8

Make sure that your physical security perimeters
and barriers provide more protection for high risk
areas than low risk areas.

DO

DONE

N/A

9

Make sure that your physical security barriers
and perimeters are free of physical gaps and
weaknesses.

DO

DONE

N/A

10

Make sure that external doors and entrance
ways are used to prevent unauthorized access
to information processing facilities.

DO

DONE

N/A

11

Restrict building access to authorized personnel.

DO

DONE

N/A

12

Use physical barriers to prevent
unauthorized access.

DO

DONE

N/A

13

Make sure that physical barriers are used
to prevent contamination from external
environmental sources.

DO

DONE

N/A

14

Make sure that external perimeter doors
are controlled by fire alarm systems.

DO

DONE

N/A

15

Make sure that all external perimeter doors
automatically slam shut in response to a fire.

DO

DONE

N/A

7.1.2 USE ENTRY CONTROLS TO PROTECT SECURE AREAS

COMMENTS

16

Use physical entry controls to protect secure areas.

DO

DONE

N/A

17

Make sure that your physical entry controls
ensure that only authorized people are
given access to secure areas.

DO

DONE

N/A

18

Make sure that visitors to secure areas
are given a security screening.

DO

DONE

N/A

19

Make sure that you supervise
all visitors to secure areas.

DO

DONE

N/A

20

Record the date and time visitors
enter and leave secure areas.

DO

DONE

N/A

21

Make sure that all visitors to secure areas
are given specific security instructions.

DO

DONE

N/A

22

Make sure that all visitors to secure areas are
made aware of your emergency procedures.

DO

DONE

N/A

23

Use physical controls to restrict
access to sensitive information.

DO

DONE

N/A

24

Use physical controls to restrict access
to information processing facilities.

DO

DONE

N/A

25

Validate the identity of all persons
who wish to access secure areas.

DO

DONE

N/A

26

Ensure that all persons who access
secure areas wear visible identity tags.

DO

DONE

N/A

27

Keep a record of access to secure areas.

DO

DONE

N/A

28

Review access rights to secure
areas on a regular basis.

DO

DONE

N/A

29

Update access rights to secure
areas on a regular basis.

DO

DONE

N/A

7.1.3 USE DESIGN STRATEGIES TO PROTECT SECURE AREAS

COMMENTS

30

Design your secure areas to
withstand natural disasters.

DO

DONE

N/A

31

Design your secure areas to
withstand man-made disasters.

DO

DONE

N/A

32

Design your secure areas in accordance
with all relevant health and safety
regulations and standards.

DO

DONE

N/A

33

Protect your secure areas from security threats
that neighboring facilities might present.

DO

DONE

N/A

34

Site secure areas in order to
avoid public access to them.

DO

DONE

N/A

35

Site secure area photocopiers and other
equipment so that routine access to
them will not compromise security.

DO

DONE

N/A

36

Design your information processing facilities in
order to hide their true purpose from the public.

DO

DONE

N/A

37

Use locks to control access to secure areas.

DO

DONE

N/A

38

Lock all information processing facility doors and
windows when these facilities are not being used.

DO

DONE

N/A

39

Install external window protections for
your information processing facilities.

DO

DONE

N/A

40

Use intruder detection systems to
prevent access to secure areas.

DO

DONE

N/A

41

Make sure that your intruder detection systems
cover all external doors and accessible windows.

DO

DONE

N/A

42

Make sure that your intruder detection
systems comply with professional installation
and maintenance standards.

DO

DONE

N/A

43

Test your intruder detection
systems on a regular basis.

DO

DONE

N/A

44

Keep unoccupied secure
areas alarmed at all times.

DO

DONE

N/A

45

Separate your information processing facilities
from facilities that are managed by third parties.

DO

DONE

N/A

46

Prevent public access to internal directories and
documents that specify the location of sensitive information processing facilities.

DO

DONE

N/A

47

Site fallback equipment away from secure areas
in order to avoid damage during a disaster.

DO

DONE

N/A

48

Site backup media away from secure areas
in order to avoid damage during a disaster.

DO

DONE

N/A

49

Store hazardous materials
away from secure areas.

DO

DONE

N/A

50

Store combustible materials
away from secure areas.

DO

DONE

N/A

7.1.4 USE WORK GUIDELINES TO PROTECT SECURE AREAS

COMMENTS

51

Use guidelines to control the work that
your personnel perform in secure areas.

DO

DONE

N/A

52

Use guidelines to control the work that
third parties perform in secure areas.

DO

DONE

N/A

53

Allow third party support service personnel
to access secure areas only when access
is clearly required.

DO

DONE

N/A

54

Monitor third party access
to your secure areas.

DO

DONE

N/A

55

Ensure that third party access
to secure areas is authorized.

DO

DONE

N/A

56

Use a need-to-know policy to control information
about your secure areas and facilities.

DO

DONE

N/A

57

Supervise all work performed in secure areas.

DO

DONE

N/A

58

Lock secure areas that are vacant.

DO

DONE

N/A

59

Check secure areas that are vacant.

DO

DONE

N/A

60

Prevent the unauthorized use of photographic and
other recording equipment inside secure areas.

DO

DONE

N/A

7.1.5 USE HOLDING AREAS TO PROTECT SECURE AREAS

COMMENTS

61

Control the use of delivery and loading areas.

DO

DONE

N/A

62

Separate your delivery and loading areas from
all of your information processing facilities.

DO

DONE

N/A

63

Make sure that all delivery and loading
functions are carried out in a carefully
controlled holding area.

DO

DONE

N/A

64

Make sure that you restrict
access to your holding area.

DO

DONE

N/A

65

Make sure that holding area is designed
so that supplies can be unloaded without
allowing access to secure areas.

DO

DONE

N/A

66

Make sure that your holding area is designed
so that the external door is secured when the
internal door is open.

DO

DONE

N/A

67

Inspect all incoming supplies and materials to
ensure that all hazards are identified before
these items are transferred to secure areas.

DO

DONE

N/A

68

Record all incoming supplies and materials.

DO

DONE

N/A

7.2 PROTECT EQUIPMENT FROM HAZARDS

COMMENTS

69

Protect your equipment from
security threats and hazards.

DO

DONE

N/A

70

Protect your equipment from
environmental threats and hazards.

DO

DONE

N/A

71

Make sure that your physical security
measures reduce the risk that people will
have unauthorized access to your data.

DO

DONE

N/A

72

Make sure that physical security measures
protect your data from loss or damage.

DO

DONE

N/A

Etcetera ...

DO

DONE

N/A

OTHER ISO 27002 (17799 2005) WEB PAGES

Introduction to ISO 27002 2005 (17799 2005) Information Security Standard

Overview of the ISO 27002 2005 (17799 2005) Information Security Standard

ISO 27002 2005 (17799 2005) Information Security Management Definitions

ISO 27002 2005 (17799 2005) Information Security Standard in Plain English

ISO 27002 2005 (17799 2005) Information Security Audit Tool

How to Order

Our Products

Our Prices

Our Guarantee

Home Page

Table of Contents

Our License

Our Customers

PRAXIOM RESEARCH GROUP LIMITED
Telephone: 780-461-4514 info@praxiom.com

First published on November 5, 2004. Updated on December 27, 2011.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
  developing this electronic publication. We make no representation or warranties
  with respect to accuracy or completeness of the contents of this publication and
  specifically disclaim any implied warranties or merchantability or fitness for any
  particular purpose and shall in no event be liable for any loss of profit or any
  other commercial damage, including but not limited to special, incidental,
  consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2004 - 2011 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research