Physical & Environmental Controls
Purpose
Bramble Implement layers of physical security and environmental controls that work together to protect both physical and digital assets from theft and damage.
Scope
This control applies to all Bramble endpoint workstations as well as virtual assets within our hosting providers.
Ownership
- IT Operations owns the workstation assets portion of this control
- Infrastructure owns the system and service portions of this control
Controls
| Control Number | Control Title | Control Statement | Goal | TOD | TOE |
|---|---|---|---|---|---|
| PES-01 | Physical & Environmental Protections | Bramble Group Corp. has established mechanisms to facilitate the operation of physical and environmental protection controls. | Does the organization facilitate the operation of physical and environmental protection controls? | 1. Inspect formal policies, procedures or other relevant documentation that outlines mechanisms used to conduct the implementation and operations of physical and environmental protection controls. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. |
1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical and environmental protection controls are conducted. 2. Interview key organizational personnel within Bramble conducting discussions for evidence that mechanisms exist to conduct physical and environmental security and document in accordance to TOD. |
| PES-02 | Physical Access Authorizations | Bramble Group Corp. has implemented physical access control mechanisms to maintain a current list of personnel with authorized access to organizational facilities based on the position or role of the individual, (except for those areas within the facility officially designated as publicly accessible). | Does the organization maintain a current list of personnel with authorized access to organizational facilities (except for those areas within the facility officially designated as publicly accessible)? | 1. Inspect formal policies, procedures or other relevant documentation that outlines physical control for authorized access. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. |
1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical and environmental protection controls are conducted with regards to authorized access. 2. Interview key organizational personnel within Bramble conducting discussions for evidence that mechanisms exist to conduct physical and environmental security and document in accordance to TOD. |
| PES-03 | Physical Access Control | Bramble Group Corp. has implemented physical access control mechanisms to enforce physical access authorizations for all physical access points (including designated entry/exit points) to facilities (excluding those areas within the facility officially designated as publicly accessible). | Does the organization enforce physical access authorizations for all physical access points (including designated entry/exit points) to facilities (excluding those areas within the facility officially designated as publicly accessible)? | 1. Identify policies and procedures responsible for physical access authorizations. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. |
1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical access controls are conducted and monitored with regards to authorized physical access such as access logs and/or, inventory of physical access devices. 2. Interview key organizational personnel within Bramble conducting discussions for evidence that mechanisms exist to conduct physical access security and document in accordance to TOD. |