When to use this
Use this assessment to determine physical security controls for offices, rooms, and facilities based on the information and assets inside them.
Related controls
- A.7.3 Securing Offices Rooms and Facilities
- A.7.1 Physical Security Perimeters
- A.5.12 Classification of Information
- Risk Assessment
Assessment
| Room/facility | Information/assets | Highest classification/criticality | Key risks | Existing controls | Required controls | Owner | Review date |
|---|---|---|---|---|---|---|---|
| TBD | TBD | TBD | Unauthorized viewing/tampering/theft/disruption | TBD | TBD | TBD | TBD |
Design checks
- Controls match the most sensitive/critical information in the area.
- Room purpose is not unnecessarily exposed through signs or labels.
- Internal directories, phone lists, and access codes are not visible to unauthorized persons.
- Centralized repositories receive stronger controls.
- Specialized controls are risk-justified and operationally workable.
- Business continuity impacts are considered.
- Template
- Iso27001
- Physical controls
- Facilities
Note Metadata
Aliases: Room Security Assessment
Source: 90 Templates/Office Room and Facility Security Assessment.md
Related Notes
- Risk Assessment
- ISO 27001 A.5.12 - Classification of Information
- ISO 27001 A.7.1 - Physical Security Perimeters
- ISO 27001 A.7.3 - Securing Offices, Rooms and Facilities
- A.7 Physical Controls MOC
- A.7.3 Audit Evidence Pack
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.7.3 Audit Checklist
- Templates MOC