Physical Security Policy

SOC 2 Criteria: CC6.4

ISO 27001 Annex A: A.11.1, A.11.2.1, A.11.2.2, A.11.2.3, A.11.2.5, 11.2.6

Keywords: Facilities, Access Requirements, Asset Security

Purpose

The Physical Security Policy establishes requirements to ensure that Bangkok Solutions’s information assets are protected by physical controls that prevent tampering, damage, theft or unauthorized physical access. This policy defines the following controls and acceptable practices:

  • Definition of physical security perimeters and required controls
  • Protection of equipment stored off-site

Scope

This policy applies to all Bangkok Solutions physical facilities and users of information systems within Bangkok Solutions, which typically include employees and contractors, as well as any external parties that have physical access to the company’s information systems. This policy must be made readily available to all users.

Roles and Responsibilities

The acting information security officer and team will facilitate and maintain this policy and ensure all employees have reviewed and read the policy.

Policy

General

  • Physical access to Bangkok Solutions facilities is restricted.
  • All workforce members work remotely and must make sure their assets such as laptops are always properly secured.

 

 

Access Requirements

  • Workstation Security
    • All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Control Policy.
    • All workstations purchased by Bangkok Solutions are the property of Bangkok Solutions and are distributed to personnel by the company.

Data Center Security

Physical security of data centers is ensured by Bangkok Solutions’s cloud infrastructure service provider: Google Cloud Provider.

Revision History

Version

Date

Editor

Description of Changes

V1

October 1st, 2021

Bangkok Solutions

Initial Creation