When to use this
Use this template to assess site, building, room, utility, and neighboring-premises hazards that could affect information assets or ICT continuity.
Related controls
- A.7.5 Protecting Against Physical and Environmental Threats
- A.5.29 Information Security During Disruption
- A.5.30 ICT Readiness for Business Continuity
- Risk Assessment
Assessment table
| Site/area | Hazard | Source | Asset/process affected | Existing control | Impact | Likelihood | Risk decision | Action owner | Due date |
|---|---|---|---|---|---|---|---|---|---|
| TBD | Fire/flood/power/cooling/neighbor/civil unrest | Internal/external/neighbor | TBD | TBD | H/M/L | H/M/L | Treat/accept/avoid/transfer | TBD | TBD |
Specialist advice
| Hazard | Specialist consulted | Advice received | Decision | Evidence location |
|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD |
Continuity linkage
- Confirm fallback arrangements align to site hazards.
- Confirm backups are protected from the same physical event.
- Confirm ICT continuity plans consider power and cooling failure.
- Confirm emergency roles are trained.
- Confirm response records are retained.
- Template
- Iso27001
- Physical controls
- Environmental threats
Note Metadata
Aliases: Site Physical Environmental Threat Assessment
Source: 90 Templates/Physical and Environmental Threat Assessment.md
Related Notes
- Risk Assessment
- ISO 27001 A.5.29 - Information Security During Disruption
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- ISO 27001 A.7.5 - Protecting Against Physical and Environmental Threats
- A.7 Physical Controls MOC
- A.7.5 Audit Evidence Pack
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.7.5 Audit Checklist
- Environmental Protection Inspection Checklist
- Templates MOC