Physical security must take into account all types of access that can be given to data storage locations. The first step is to imagine a common situation in the company's routine. What is needed to access the locations where servers and other equipment are stored? Finally, who should be allowed to access them?
This simple question can help define policies that regulate the movement of people through restricted access places. The identification of employees by badges, for example, is a basic control measure, but it requires the presence of a security professional to allow or prevent entry to the site.
Know more: Managed UPS Services
More advanced technology systems are gaining more and more space in the current market, as they guarantee an access policy that is not only more effective but easier to control. Some interesting ways to increase the level of security is to install turnstiles, access doors controlled by password or biometrics (fingerprint), check the access points to the building's network, among others.
It is worth remembering that, for this, it is essential to document each access, including the person's name, what equipment they took with them, date and time etc. Outsourced employees should, whenever possible, be accompanied by someone from the company. This includes cleaning and building maintenance professionals who end up accessing the sites periodically.
All of these issues must be considered taking into account the specific profile of your company: what types of data does it store, what is the relevance of that information, what are the risks of a leak, what losses can be caused by a loss of data etc.
Remember that security policy must also consider possible natural disasters. Earthquakes, floods and fires, however infrequent, should in no way be ignored. Keep your physical security system in line with the security policy of employees, including the participation of brigade members and CIPA members.
The Information security engineer should work in collaboration with the information security team to offer support to security tools and technologies such as firewall, proxy server, remote access, and others.