
7.3 Securing offices, rooms and facilities

| Control type | Information security properties | Cybersecurity concepts | Operational capabilities | Security domains |
|------------------|-----------------------------------------|---------------------------|--------------------------------------|---------------------|
| #Preventive | #Confidentiality #Integrity #Availability | #Protect | #Physical_security #Asset_management | #Protection |

Control

Physical security for offices, rooms and facilities should be designed and implemented.

Purpose

To prevent unauthorized physical access, damage and interference to the organization's information and other associated assets in offices, rooms and facilities.

Guidance

The following guidelines should be considered to secure offices, rooms and facilities:

a) siting critical facilities to avoid access by the public;

b) where applicable, ensuring buildings are unobtrusive and give minimum indication of their purpose, with no obvious signs, outside or inside the building, identifying the presence of information processing activities;

c) configuring facilities to prevent confidential information or activities from being visible and audible from the outside. Electromagnetic shielding should also be considered as appropriate;

d) not making directories, internal telephone books and online accessible maps identifying locations of confidential information processing facilities readily available to any unauthorized person.

Other information

No other information.