When to use this
Use this procedure template to define how sensitive work is performed inside secure areas.
Related controls
Procedure scope
| Secure area | Sensitive work performed | Information/assets protected | Authorized roles | Procedure owner |
|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD |
Working rules
- Access is limited to authorized personnel.
- Need-to-know restrictions are defined.
- Visitors, contractors, and third parties are escorted or supervised.
- Paper, media, and equipment movement is logged where required.
- Mobile phones, cameras, audio/video devices, and smart devices are restricted where required.
- Sensitive work is supervised where required.
- Dual control is applied to high-risk actions where required.
- Exceptions are approved, recorded, and time-bound.
Exit checks
- Sensitive information removed or secured.
- Media and equipment accounted for.
- Screens locked or systems logged out.
- Waste handled securely.
- Work session records completed where required.
- Template
- Iso27001
- Physical controls
- Secure areas
Note Metadata
Aliases: Working in Secure Areas Procedure
Source: 90 Templates/Secure Area Working Procedure.md
Related Notes
- ISO 27001 A.5.15 - Access Control
- ISO 27001 A.5.18 - Access Rights
- ISO 27001 A.7.2 - Physical Entry
- ISO 27001 A.7.6 - Working in Secure Areas
- A.7 Physical Controls MOC
- A.7.6 Audit Evidence Pack
- A.7 Physical Controls Implementation Guide
- A.7 Physical Controls Audit Guide
- A.7 Physical Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.7.6 Audit Checklist
- Secure Area Work Authorization Register
- Templates MOC