
Physical access control to building, offices and other premises

Secure areas of the organization cannot be accessed unnoticed. The premises are protected by appropriate access control. Only authorized persons have access to the secure areas.

Other connected frameworks and requirements:
F04: Management of access rights
11.1.2: Physical entry controls
ISO 27001
11.1.1: Physical security perimeter
ISO 27001
PR.AC-2: Physical access control
NIST CSF
DE.CM-2: The physical environment monitoring
NIST CSF

Visitor instructions and log

Visitors shall have access to secure areas only with permission and after they have been appropriately identified, and their access rights shall be limited to the necessary facilities. All visits are recorded in the visitor log. In addition, staff have guidelines on operating safely in connection with visits.

Other connected frameworks and requirements:
F04: Management of access rights
11.1.2: Physical entry controls
ISO 27001
PR.AC-2: Physical access control
NIST CSF
7.2: Physical entry
ISO 27001

Ensuring the quality of equipment maintenance

Equipment should be serviced at intervals recommended by the supplier and in accordance with the supplier's specifications.

Other connected frameworks and requirements:
F04: Management of access rights
11.2.4: Equipment maintenance
ISO 27001
PR.MA-1: Asset management and repair
NIST CSF
7.13: Equipment maintenance
ISO 27001

Limited access and monitoring of support staff

External support staff, such as maintenance or cleaning staff, are granted access only to the secure areas and confidential data processing services they need. Access rights for external support staff are reviewed regularly.

Other connected frameworks and requirements:
F04: Management of access rights
11.1.2: Physical entry controls
ISO 27001
7.2: Physical entry
ISO 27001