Physical Controls - Requirements

Verify assessment answers by asking for evidence

Written by Caitlin Fox
Updated over a week ago

Do your due diligence by verifying assessment responses. This is a defensible step that helps ensure you are getting truthful answers. We recommend that you add a few more requirements every year in order to gradually expand the body of evidence.

You can ask for evidence after the assessment has been submitted, or proactively set the requirements in an assessment template. The latter is the easier method. Learn how to set assessment requirements here.

The recommended list of physical requirements is below:


Section 1.2 - Perimeter Controls

Doors and windows on the facility perimeter are locked when unattended.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

Exterior lighting sufficiently illuminates the building perimeter.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 1.3 - Entry Controls

Facility entrances and exits are adequately monitored by camera surveillance.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 1.4 - Public Spaces

Critical assets (people, activities, building systems and components) are not located close to a main entrance, vehicle circulation, parking, maintenance area, loading dock, and/or interior parking.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 1.5 - Office Spaces

The identity of visitors is authenticated.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 1.6 - Restricted Areas

All restricted areas are configured to prevent confidential information and activities from being visible and audible from the outside.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 2.1 - Equipment Siting

Sensitive equipment and systems are in secure area(s).

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

Disaster recovery facilities, fallback equipment, and back-up media are stored at a safe distance from the primary process facility to avoid damage from a disaster affecting the main site.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 2.3 - Cabling Security

Core and/or distribution cabling, racks, and/or demarcation points are not visible, exposed, or located in work areas.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

Network closets and wiring rooms are secured.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 2.5 - Housekeeping

Background checks are conducted on all housekeeping personnel.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

Housekeeping personnel (and/or the contracting company) are bonded and insured.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability


Section 2.6 - Clear Desk/Screen

Lockable cabinets and drawers are made available and utilized to enable the protection of sensitive and critical business information from loss, damage, or disclosure during and after working hours.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

Confidential and/or sensitive information is not viewable on systems by passersby or people who are not formally cleared to view such information.

If True, physical inspection and verification is preferred. Asking for photo evidence is an acceptable alternative

If False, consider pursuing in remediation

If N/A, ask for a note explaining why this is not applicable and a specific date for when this will be reviewed for applicability

