Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
(A) Management reviews of physical security measures shall be conducted
annually, as well as whenever facilities or security procedures are
significantly modified.
(B) Physical access to central computer rooms shall be restricted to
only authorized personnel. Authorized visitors shall be recorded
and supervised.
(C) Employees and information resources shall be protected from
environmental hazards. Designated employees shall be trained to
monitor environmental control procedures and equipment and shall be
trained in desired response in case of emergencies or equipment
problems.
(D) Confidential or sensitive information, when handled or processed by
terminals, communication switches, and network components outside
the central computer room, shall receive the level of protection
necessary to ensure its integrity and confidentiality. The
required protection may be achieved by physical or logical
controls, or a mix thereof.
(E) Emergency procedures shall be developed and regularly tested.