Physical Security Policy for IT Infrastructure

• Table of Contents

  • EDC Inc Physical Security Policy for IT Infrastructure
  • 1.0 Purpose
  • 2.0 Scope
  • 3.0 Policy
  • 3.1 Physical Access Control
  • 3.2 Server Security
  • 3.3 Workstation Security
  • 3.4 Incident Management
  • 4.0 Enforcement
  • 5.0 Review and Maintenance
  • Summary

EDC Inc Physical Security Policy for IT Infrastructure

This policy outlines the physical security measures that EDC Inc has implemented to protect its IT infrastructure. It is designed to provide a comprehensive framework for ensuring the integrity, confidentiality, and availability of EDC Inc’s information assets.

1.0 Purpose

The purpose of this policy is to establish guidelines for the physical security of EDC Inc’s IT infrastructure. This includes, but is not limited to, servers, network equipment, and user workstations.

2.0 Scope

This policy applies to all EDC Inc employees, contractors, and third-party service providers with access to EDC Inc’s IT infrastructure.

3.0 Policy

3.1 Physical Access Control

Access to EDC Inc’s IT infrastructure is strictly controlled by the Corporate Physical Security department. Only authorized personnel from IT Server Operations and IT Server Build Operations are allowed physical access to servers and network equipment.

• All access requests must be approved by the respective IT Director and logged in the CMDB.
• Access logs will be reviewed regularly by IT Audit and Compliance.

3.2 Server Security

All servers must be housed in secure, access-controlled server rooms. The IT Server Operations department is responsible for the physical security of servers.

• Servers must be patched every 30 days by IT Server Operations, unless an IT Exception is approved by IT Security.
• Any changes to server configurations must be approved by the CAB and logged in the CMDB.

3.3 Workstation Security

Workstations must be secured against unauthorized access. The IT Security Operations department is responsible for implementing and maintaining workstation security measures.

• User and service accounts are managed in Active Directory.
• Workstations must be locked when unattended.

3.4 Incident Management

The IT-SOC is responsible for managing security incidents. All incidents must be reported to the IT-SOC immediately.

• Incidents will be logged and tracked in the CMDB.
• The IT-SOC will coordinate with other departments as necessary to resolve incidents.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

5.0 Review and Maintenance

This policy will be reviewed annually by IT Audit and Compliance. Any changes to the policy must be approved by the CAB.

Summary

The Physical Security Policy for IT Infrastructure at EDC Inc is designed to protect the company’s IT assets from physical threats. The policy outlines the responsibilities of various departments in maintaining physical security, including access control, server security, workstation security, and incident management. By adhering to this policy, EDC Inc aims to ensure the integrity, confidentiality, and availability of its IT infrastructure.