The physical access policy defines who is allowed physical access to facilities that house information systems, the information systems within those facilities, and/or the display mechanisms associated with those information systems. The policy outlines standards for employee access to facilities as well visitor access. Without the physical access controls that this policy provides, information systems could be illegitimately physically accessed and the security of the information they house be compromised.
Risks addressed by this policy:
- Loss of critical corporate data
- Malicious attacks on corporate data and technology based resources
- Loss of revenue