The ISSP should include a Physical Security Plan even though many ISSSs don’t
maintain direct responsibility for the physical security function. Items to be addressed
· Access to building and room restrictions (including parking lots and proximity
parking if applicable); special consideration for key IT resources: computer
rooms, web farms, servers and the telecommunications cabinets. Periodic
checks on cleaning, maintenance and other personnel with unfettered access
to office (again, special attention to key IT resources) areas should be
included in the plan.
· Employee identification: badges, guard notification of separated/removed
employees or contractors.
· Policies and procedures itemized for non-employees access to building and
key IT resources; visitor logs maintained.
· Maintenance of master keys, key-cards and cipher lock numbers.
· Emergency preparedness materials identified, maintained and accessible.
· Response and removal procedures for violent, disruptive or otherwise
· Property (PCs, laptops, hard drives, diskettes, CDs, etc.) tracking. In:
verification material is safe and appropriate. Out: authorized via property
pass and logged.
· Backups and offsite storage appropriate and according to established
· Occupant Emergency Plans in place, tested and maintained.