This work program sample can be used to perform an audit of the physical security of your IT facilities.  It is structured to guide through a systematic review of critical areas, including building access controls, data center security, and the protection of supporting infrastructure such as telecommunications and emergency power sources. The program outlines detailed audit procedures and questions designed to assess current security states and identify vulnerabilities, ensuring that only authorized personnel can access sensitive areas.

By implementing the best practices outlined in the document, organizations can establish stringent access controls, conduct thorough risk assessments, and develop comprehensive security training for staff. Additionally, the program addresses specific risks such as unauthorized access to programming areas and the potential for theft or disclosure of sensitive information via portable devices. With its structured approach, including timelines and responsibilities, the work program not only aids in compliance with security standards but also fortifies the organization’s defenses against physical threats, thereby safeguarding valuable IT assets and maintaining operational continuity.

According to this tool, if an employee has a change in their job responsibility or is terminated for any reason, all items in their possession that control physical access to information must be returned. These items include:

• Keys to safes and control panels
• Keys to cupboard/filing cabinets
• Keys to entrances/doors
• Terminal/PCs