Information
-
Audit Title
-
Document No.
-
Client / Site
-
Conducted on
-
Prepared by
-
Location
-
Personnel
A9 Physical and Environmental Security
A9.1 Secure Areas
-
A9.1.1 Are security perimeters (e.g. walls, card-controlled entry gates or manned reception desks) used to protect areas which contain information and information processing facilities?
-
A9.1.2 Are secure areas protected by appropriate entry controls to ensure only authorised personnel are allowed access?
-
A9.1.3 Are physical security for offices, rooms and facilities designed and applied?
-
A9.1.4 Is physical protection against damage from fire, flood, earthquake, explosion, civil unrest and other forms of natural or man-made disaster designed and applied?
-
A9.1.5 Are physical protection and guidelines for working in secure areas designed and applied?
-
A9.1.6 Are access points such as delivery and loading areas (& other points) where unauthorised persons may enter the premises controlled, and if possible, isolated from information processing facilities to avoid unauthorised access?
A9.2 Equipment Security
-
A9.2.1 Is equipment sited or protected to reduce risks from environmental threats and hazards and opportunities for unauthorised access?
-
A9.2.2 Is equipment protected from power failures and other disruptions caused by failures in supporting utilities?
-
A9.2.3 Are power and telecommunications cabling carrying data or supporting information protected from interception or damage?
-
A9.2.4 Is equipment correctly maintained to ensure it continued availability and integrity?
-
A9.2.5 Is security applied to off-site equipment taking into account the different risks of working outside the organisations premises?
-
A9.2.6 Are all items of equipment containing storage media checked to ensure that any sensitive data and licensed s/w has been removed or securely overwritten prior to disposal or re-use?
-
A9.2.7 Is there a mechanism to ensure that equipment, information or s/w are not taken off-site without prior authorisation?
Major non-conformances
-
List any MAJOR non-conformances
Minor non-Conformances
-
List all MINOR non-conformances
Observations and opportunities for improvemement
-
List any observations or opportunities for improvement
-
Sign off the audit
