ISO 27001 (2013): Full
11.1.3: Securing offices, rooms and facilities

How to fill the requirement

Safe placement of equipment
Theme: Physical security
Policy: Equipment maintenance and safety

This task also fulfils these other security requirements:

Business continuity management (Katakri)
F08: Ensuring business continuity (Katakri)
11.1.3: Securing offices, rooms and facilities (ISO27 Full)
11.2.1: Equipment siting and protection (ISO27 Full)
11.1.4: Protecting against external and environmental threats (ISO27 Full)
1. Task description

Data processing equipment, as well as other important equipment, should be placed in the premises safely and with consideration. Placement should restrict unauthorized access to the devices.

Strong authentication for processing or storage areas of highly confidential information
Theme: Physical security
Policy: Property security

This task also fulfils these other security requirements:

11.1.1: Physical security perimeter (ISO27 Full)
11.1.3: Securing offices, rooms and facilities (ISO27 Full)
PR.AC-2: Physical access control (NIST)
DE.CM-2: The physical environment monitoring (NIST)
FYY-03: Information processing (Julkri)
1. Task description

Access to areas where confidential information is handled or stored should be restricted to authorized individuals through appropriate access control, e.g. using a two-step authentication mechanism such as an access card and a passcode.

Preventing unauthorized viewing of personal data
Theme: Physical security
Policy: Property security

This task also fulfils these other security requirements:

F06: Protection against covert viewing (Katakri)
11.1.3: Securing offices, rooms and facilities (ISO27 Full)
6.6.4: Security of physical premises, equipment and printouts (Self-monitoring)
FYY-05.2: Security area - Preventing covert viewing (Julkri)
7.3: Securing offices, rooms and facilities (ISO27k1 Full)
1. Task description

Irrespective of the form in which the information is presented, personal data or other confidential information shall be processed in such a way that the information is not disclosed to outsiders.

Preventing eavesdropping
Theme: Physical security
Policy: Property security

This task also fulfils these other security requirements:

F07: Protection against eavesdropping (Katakri)
11.1.3: Securing offices, rooms and facilities (ISO27 Full)
6.6.4: Security of physical premises, equipment and printouts (Self-monitoring)
FYY-05.1: Security area - Sound insulation (Julkri)
7.3: Securing offices, rooms and facilities (ISO27k1 Full)
1. Task description

Conversations concerning personal data or other confidential information shall not carry to adjacent premises, where they could be heard by those who do not have the right to the information.

Electromagnetic data breach management
Theme: Physical security
Policy: Equipment maintenance and safety

This task also fulfils these other security requirements:

I14: Compromising emanations (TEMPEST) (Katakri)
11.1.3: Securing offices, rooms and facilities (ISO27 Full)
11.2.1: Equipment siting and protection (ISO27 Full)
PR.DS-2: Data-in-transit (NIST)
FYY-01.1: Physical security risk assessment - TEMPEST - TL III (Julkri)
1. Task description

Electronic equipment such as cables, monitors, copiers, tablets and smartphones leaks electromagnetic radiation. With the right hardware, the original transmitted data can be recovered from this radiation, for example to steal an entered username and password.

Openings in the premises' structures (windows, doors, air conditioning) are protected to prevent radiation from escaping. In addition, equipment handling confidential data is located so as to minimize the risk of data leakage through electromagnetic emissions.
