Secure areas of the organization cannot be accessed unnoticed. The premises are protected by appropriate access control. Only authorized persons have access to the secure areas.
Access to areas where confidential information is handled or stored should be restricted to authorized individuals through appropriate access control, e.g. using a two-step authentication mechanism such as an access card and a passcode.
Organisation's premises and the operating environments of the equipment are actively protected by security.