Background
----------

ISO/IEC 27002:2022 clause 7.4 indicates that "Premises should be continuously
monitored for unauthorized physical access [in order] to detect and deter
unauthorized physical access."

Policy statements
-----------------

1. Physical premises, especially those housing critical IT systems etc., should
be monitored continuously by surveillance systems such as security guards, intruder
alarms and CCTV coverage.

2. CCTV systems should record access to sensitive areas, whether inside or
outside the premises.

3. Contact, sound or motion detectors should trigger intruder alarms.

4. Alarm systems should cover all external doors, accessible windows and
unoccupied areas.

5. Since the design/specification, operation and output of physical
security/monitoring systems and guarding arrangements are confidential, access
should be restricted accordingly. However, an alarm system control panel should be
located in an alarmed zone and should be readily accessible to responding workers
or emergency services.

6. Alarm systems should be competently tested at planned intervals.

Notes
-----

This is a "skeleton" policy providing just the bare bones, the basic foundations on
which to construct a custom policy for your organisation. Jump-start the process
by visiting www.SecAware.com for a more comprehensive customisable policy template
in MS Word.
