9/15/21, 12:34 PM ISO27001:2005 A9 Physical & Environmental Security Checklist - SafetyCulture

GO DIGITAL TODAY

Convert your paper

checklists into digital forms
Scan this QR code to use this
paper checklist on your
smartphone or tablet. Visit

www.iauditor.com

A9 Physical and Environmental Security

A9.1 Secure Areas

A9.1.1 Are security perimeters (e.g. walls, card-controlled entry gates or manned reception
desks) used to protect areas which contain information and information processing
facilities?

Yes No N/A

A9.1.2 Are secure areas protected by appropriate entry controls to ensure only authorised
personnel are allowed access?

Yes No N/A

A9.1.3 Are physical security for offices, rooms and facilities designed and applied?

Yes No N/A

A9.1.4 Is physical protection against damage from fire, flood, earthquake, explosion, civil
unrest and other forms of natural or man-made disaster designed and applied?

Yes No N/A

https://public-library.safetyculture.io/products/iso270012005-a9-physical-and-environmental-security 1/5
9/15/21, 12:34 PM ISO27001:2005 A9 Physical & Environmental Security Checklist - SafetyCulture

A9.1.5 Are physical protection and guidelines for working in secure areas designed and
applied?

Yes No N/A

A9.1.6 Are access points such as delivery and loading areas (& other points) where
unauthorised persons may enter the premises controlled, and if possible, isolated from
information processing facilities to avoid unauthorised access?

Yes No N/A

A9.2 Equipment Security

A9.2.1 Is equipment sited or protected to reduce risks from environmental threats and
hazards and opportunities for unauthorised access?

Yes No N/A

A9.2.2 Is equipment protected from power failures and other disruptions caused by failures
in supporting utilities?

Yes No N/A

A9.2.3 Are power and telecommunications cabling carrying data or supporting information
protected from interception or damage?

Yes No N/A

https://public-library.safetyculture.io/products/iso270012005-a9-physical-and-environmental-security 2/5
9/15/21, 12:34 PM ISO27001:2005 A9 Physical & Environmental Security Checklist - SafetyCulture

A9.2.4 Is equipment correctly maintained to ensure it continued availability and integrity?

Yes No N/A

A9.2.5 Is security applied to off-site equipment taking into account the different risks of
working outside the organisations premises?

Yes No N/A

A9.2.6 Are all items of equipment containing storage media checked to ensure that any
sensitive data and licensed s/w has been removed or securely overwritten prior to disposal
or re-use?

Yes No N/A

A9.2.7 Is there a mechanism to ensure that equipment, information or s/w are not taken off-
site without prior authorisation?

Yes No N/A

Major non-conformances

https://public-library.safetyculture.io/products/iso270012005-a9-physical-and-environmental-security 3/5
9/15/21, 12:34 PM ISO27001:2005 A9 Physical & Environmental Security Checklist - SafetyCulture

List any MAJOR non-conformances

Enter text

Minor non-Conformances

List all MINOR non-conformances

Enter text

Observations and opportunities for improvemement

https://public-library.safetyculture.io/products/iso270012005-a9-physical-and-environmental-security 4/5
9/15/21, 12:34 PM ISO27001:2005 A9 Physical & Environmental Security Checklist - SafetyCulture

List any observations or opportunities for improvement

Enter text

Sign off the audit 

Please note that this checklist is a hypothetical example and provides basic information only. It is not intended
to
take the place of, among other things,
workplace, health and safety advice; medical advice, diagnosis, or
treatment;
or other applicable laws. You should also seek your own professional advice to
determine if the use of such
checklist is
permissible in your workplace or jurisdiction.

https://public-library.safetyculture.io/products/iso270012005-a9-physical-and-environmental-security 5/5