This policy shall be reviewed by relevant stakeholders, send feedbacks and shall be approved by relevant Decision Makers and with the Final Approval of the Legal Department for Implementation.
Furthermore please check the latest BSP MORB Guidelines and Requirements to confirm the policies and procedures stated herein.
Introduction:
This policy outlines the measures to protect the organization's IT assets from physical damage or unauthorized access, including security cameras, access controls, and environmental controls. This policy is intended to ensure the confidentiality, integrity, and availability of IT systems and resources by securing the physical environment in which they are located.
Scope: This policy applies to all employees, contractors, and other individuals who are responsible for the operation and maintenance of IT systems and resources, including but not limited to: servers, databases, applications, and network resources.
Policy:
Security cameras:
The organization must install security cameras in all areas where IT assets are located.
The security cameras must be monitored 24/7 by a designated security personnel or a third-party security company.
The security cameras must be able to capture clear footage of the areas they are monitoring.
Access controls:
The organization must implement access controls to limit access to IT assets to authorized personnel only.
The organization must use biometric or card-based access controls to ensure that only authorized personnel can access IT assets.
The organization must have a process for revoking access to IT assets for personnel who no longer require it.
Environmental controls:
The organization must implement environmental controls to protect IT assets from damage caused by heat, humidity, and other environmental factors.
The organization must have fire suppression systems in place to protect IT assets from fire damage.
The organization must have uninterruptable power supply (UPS) to protect IT assets from power outages.
Implementation:
The IT department is responsible for the implementation and enforcement of this policy.
The IT department must establish a process for securing the physical environment in which IT assets are located.
The IT department must conduct regular audits to ensure compliance with this policy.
Enforcement:
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.
Any suspected violations of this policy must be reported to the IT department immediately.