Physical controls are often viewed as involving only physical access to a facility. However, physical controls also include access to controlled areas within a facility, access to computers or other network devices, handling of laptops, and location and handling of printers. Unauthorized access to an unattended device can result in harmful or fraudulent use of the device or exposure of confidential or office-use-only information stored within it or accessible through it.
Access to the organisation’s facilities should be controlled in a manner that provides security to the organisation’s community and assets while providing for the detection of perimeter breaches. Since no physical security measure will withstand all intrusions, the organisation’s facilities should always be provided with a degree of physical protection commensurate with the value of the assets in, around, or accessible from that facility. Users should protect their workstations in a manner that precludes unauthorized access to the organisation’s information resources. This would include logging out of computers when left unattended or invoking a password-protected screen saver to deter unauthorized use. Encryption should be considered for stored files that contain protected information.
Laptop computers require special consideration in addition to that given to general-purpose desktop computers. When not in use, the laptop should be stored in a locked cabinet or desk drawer, or otherwise secured with some type of physical locking device. When traveling, maintain physical control of the system at all times, and consider the use of removable media for storage of protected information while on travel.
Note that all of the organisation’s facilities must also adhere to all local, state and national electrical, fire, and other appropriate codes and insurance requirements.