Physical Security Policy
SOC 2 Criteria: CC6.4
ISO 27001 Annex A: A.11.1, A.11.2.1, A.11.2.2, A.11.2.3, A.11.2.5, A.11.2.6
Keywords: Access Requirements, Asset Security
Purpose
The Physical Security Policy establishes requirements to ensure that Bramble’s information assets are protected by physical controls that prevent tampering, damage, theft or unauthorized physical access. As Bramble is a 100% remote company, and therefore does not have a physical office building, this policy defines the following controls and acceptable practices:
- Personnel access controls
- Protection of equipment stored off-site
Scope
This policy applies to all users of information systems within Bramble, which typically include employees and contractors, as well as any external parties that have physical access to the company’s information systems. This policy must be made readily available to all users.
Background
It is the goal of Bramble to safeguard information both virtually and physically, as well as to provide a safe and secure environment for all employees. As such, access to Bramble devices is limited to authorized individuals only. All workforce members are responsible for reporting any incident involving an unauthorized visitor and/or unauthorized access to Bramble’s facility.
Roles and Responsibilities
Bramble’s Security Officer is responsible for updating, reviewing, and maintaining this policy.
Policy
General
- Do not leave work devices in an unsecured place. Follow the same physical security habits that you would in a work setting: lock your screen when away from your computer, lock your doors, and do not leave your devices in the car.
- Do not let friends and family use work devices.
- Enable password-protected screen savers to avoid accidental exposure of potentially confidential or sensitive information.
- Do not leave the laptop unattended in any situation, and place it in a secure location when not in use to prevent unauthorized disclosure.
- If traveling, the equipment must remain in the possession of the user as hand luggage at all times.
- Exercise caution with laptops in airports, especially at security screening checkpoints.
- Immediately report lost or stolen laptops to the Security Officer.
- When traveling away from your home for an extended period of time, work equipment should be taken with the employee or locked away in a secure location, such as a safe, at the employee’s home.
Data Center Security
Physical security of data centers is ensured by Bramble’s cloud infrastructure service provider.
Asset Security
The following factors will be considered and implemented, as applicable per risk assessments, and in conjunction with the following policies: Information Security Policy, Asset Management Policy, Data Protection and Data Classification: