
3.10 - Physical Protection

Control Satisfaction Matrix

| Standard | Category | Controls Satisfied | 800-53r4 Controls | ISO/IEC 27001 | A-lign Controls |
| --- | --- | --- | --- | --- | --- |
| NIST 800-171 | Physical Protection | 3.10.1-3.10.6 | PE-2, PE-4, PE-5, PE-6, PE-3, PE-17 | A.11.1.2, A.11.2.3, A.11.1.3, A.11.1.1, A.6.2.2, A.11.2.6, A.13.2.1 | 4.0, 27.0 |

Major Document History

| Date | Comment | Who |
| --- | --- | --- |
| 5/13/2019 | Initial Doc | Tharp |
| 6/21/2019 | COs & Assertions updated with feedback from B&V CPAs | Tharp |
| 7/24/2019 | A-lign Content Added | Tharp |
| 7/30/2019 | Strike thru control Objectives | Tharp |
| 8/12/2019 | Formatting Updates | Tharp |
| 8/29/2019 | Copied Content For IS-1 SOC submission | Tharp |
| 10/6/2021 | Policies Reviewed for Audit | Tharp |

Purpose and Scope

The purpose of this policy is to address physical IT processing environments such as data centers and to enforce access control to those systems. The Physical Security Policy applies to all individuals who have been granted access to DLZP Group facilities, property and equipment.

Background

DLZP Group uses 100% cloud-based IT processing services. DLZP Group does not operate any data centers. We rely on services from Amazon Web Services, and we inherit their data-center-centric policies through their compliance and third-party attestations. We are able to receive regular SOC Type 1, 2 and 3 reports from AWS under an NDA.

AWS Compliance Programs

Policy

3.10.1

DLZP staffing consists of 100% remote workers who work out of their own domiciles. All DLZP workers shall protect their workspace and IT systems from family members and guests. DLZP provides cloud-based tools and storage for all remote workers. They are directed to use the secure virtual systems from their provided workstation. No files should be stored or printed locally.

3.10.2

Out of scope. See 3.10.

3.10.3

Out of scope. See 3.10.

3.10.4

Out of scope. See 3.10.

3.10.5

All DLZP staff are instructed to control both physical and logical access to their work IT systems and not to use them for personal purposes.

3.10.6

Out of scope. See 3.10.


Response Plan

4.0 Physical Security

4.3 Physical Security Plan

DLZP Group resources must be physically protected in proportion to the criticality, sensitivity, or business importance of their function(s). Due to DLZP's Cloud Only Infrastructure Policy, physical security control plans are not required, and this category is therefore out of scope.

4.3 - All

Out of scope. See 3.10.1.

4.4 Enforcement

Out of scope. See 3.10.1.


Last modified: 2021/10/06 21:46 by brian.tharp