Physical Security Policy
SOC 2 Criteria: CC6.4
ISO 27001 Annex A: A.11.1, A.11.2.1, A.11.2.2, A.11.2.3, A.11.2.5, 11.2.6
Keywords: Facilities, Access Requirements, Asset Security
Purpose
The Physical Security Policy establishes requirements to ensure that Bangkok Solutions’s information assets are protected by physical controls that prevent tampering, damage, theft or unauthorized physical access. This policy defines the following controls and acceptable practices:
- Definition of physical security perimeters and required controls
- Protection of equipment stored off-site
Scope
This policy applies to all Bangkok Solutions physical facilities and users of information systems within Bangkok Solutions, which typically include employees and contractors, as well as any external parties that have physical access to the company’s information systems. This policy must be made readily available to all users.
Roles and Responsibilities
The acting information security officer and team will facilitate and maintain this policy and ensure all employees have reviewed and read the policy.
Policy
General
- Physical access to Bangkok Solutions facilities is restricted.
- All workforce members work remotely and must make sure their assets such as laptops are always properly secured.
Access Requirements
- Workstation Security
- All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Control Policy.
- All workstations purchased by Bangkok Solutions are the property of Bangkok Solutions and are distributed to personnel by the company.
Data Center Security
Physical security of data centers is ensured by Bangkok Solutions’s cloud infrastructure service provider: Google Cloud Provider.
Revision History
Version | Date | Editor | Description of Changes |
V1 | October 1st, 2021 | Bangkok Solutions | Initial Creation |