## 7.3 Securing offices, rooms and facilities

  

| **Control type** | **Information security properties** | **Cybersecurity concepts** | **Operational capabilities** | **Security domains** |

|------------------|-----------------------------------------|---------------------------|--------------------------------------|---------------------|

| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security<br>#Asset_management | #Protection |

  

**Control**

  

Physical security for offices, rooms and facilities should be designed and implemented. **Purpose**

  

To prevent unauthorized physical access, damage and interference to the organization’s information and other associated assets in offices, rooms and facilities.

  

**Guidance**

  

The following guidelines should be considered to secure offices, rooms and facilities:

  

a\) siting critical facilities to avoid access by the public;

  

b\) where applicable, ensuring buildings are unobtrusive and give minimum indication of their purpose, with no obvious signs, outside or inside the building, identifying the presence of information processing activities;

  

c\) configuring facilities to prevent confidential information or activities from being visible and audible from the outside. Electromagnetic shielding should also be considered as appropriate;

  

d\) not making directories, internal telephone books and online accessible maps identifying locations of confidential information processing facilities readily available to any unauthorized person.

  

**Other information**

No other information.