This policy sets out physical security controls which assist in the personal protection of employees and visitors.
All employees, visitors and contractors must comply with the policy.
Physical security protects and preserves physical, human and information assets from threats such as natural disaster, vandalism, theft, accidental damage etc.
In general terms, physical security means preventing unauthorised access to buildings and other physical assets.
This policy details the framework for management, installation and maintenance of:
- Intruder Alarm Systems including security perimeter protection
- Access Control Systems including card systems
- Wireless Access Point Testing including the identification of unauthorised APs
- Closed Circuit Television (CCTV) Systems
Physical Security involves a balance between physical presence and use of technology. The level of physical presence, e.g. patrols and guarding, is an ongoing evaluation/assessment and the use of technology will require constant monitoring to ensure it is working and operating as intended.
Physical Security requires appropriate layering of physical and technical security such as appropriate building construction, suitable emergency preparedness, reliable power supplies, adequate climate control, alarm systems and CCTV.
Infinity Works will:
- Secure the perimeters of its offices and take all reasonable measures to prevent unauthorised access
- Reserve the right to limit access to the building to employees, visitors, clients and contractors
- Take additional security measures to protect high value assets and confidential documentation storage areas
- Provide additional security measures to ensure the protection of employees and equipment. These measures include, where applicable:
- The requirement for all high value assets (e.g. laptops and monitors) to be marked with an asset tag
- Use CCTV surveillance in sensitive or higher risk areas where applicable:
- The provision of building Security Staff that are trained and authorised to operate and monitor CCTV equipment, during hours when the building is accessible to the public
Infinity Works will adopt the following items of security equipment:
- Intruder Alarm Equipment for designated fire doors
- Access Control Systems including Identity Cards
- CCTV surveillance and CCTV recording equipment
- Door furniture, locks and suiting
Infinity Works reserves the rights to:
- Conduct spot checks to ensure that individuals gaining access to Infinity Works property can provide evidence that they are genuine employees, visitors or contractors to the premises.
- Require individuals who cannot provide evidence that they are genuine staff, or visitors to leave the premises.
- Request police assistance in the event of any criminal offence being committed on or to Infinity Works property.
- Intruder Alarms and Access Control Systems operate in some areas.
- Card controlled doors are in use across Infinity Works offices.
- Access cards should be treated in the same way as a key - cardholders must safeguard their card and report any loss to the ISMS Committee and / or the Admin Team as soon as possible, so the card access can be cancelled.
- Access to the Access Control System is restricted to authorised personnel only.
Infinity Works may share CCTV footage (unless unlawful to do so) for the purpose of identifying potential hostile intruders, or to seek evidence of attempted or actual hostile intrusion. Access to the CCTV system is restricted to authorised personnel only.
Infinity Works will undertake quarterly WAP testing in Infinity Works offices to identify rogue access points which could be connected to the network. This will be facilitated by an inventory of authorised WAPs.
See Security Incident Reporting Policy
Shared responsibility for security rests with all employees, contractors and visitors.
Everyone should report all activity, suspected or real, of a criminal nature or any suspicious activity immediately (see Hostile Intruders section below) to the Infinity Works Operations Manager or Building Security.
- Development, planning and implementation of physical security strategy
- Policies, specification, procedures and the monitoring of their effectiveness
- Investigation of breaches in physical security and related crimes
- Liaison with police, emergency services and local authorities
- Follow the procedures in the Physical Security Policy.
- Report any issue that could potentially facilitate access to a facility by a hostile intruder e.g. maglocks not connecting / locking, external fire doors being left open and unmonitored.
- Adhere to the relevant sections of this policy and to give due consideration to physical security issues.
- Follow security procedures designed to protect Infinity Works property.
- Follow instructions from their point of contact in emergency situations.
If identification, a point of contact, or purpose for being within an Infinity Works office cannot be established, contact the Operations Manager or any member of the ISMS Committee who will take action, e.g. ask the individual to leave, and call the police.
Hostile Intruders can be classed as anyone attempting to gain access to Infinity Works offices in order to gain information on the business, our customers or cause disruption.
- Anyone acting suspiciously should be challenged (having regard to you physical safety) e.g. people loitering, vehicles moving slowly or repeatedly around the site perimeter, or someone taking photographs of the buildings etc. Any activity or behaviour of this nature is classed as hostile reconnaissance.
- All instances of perceived hostile reconnaissance should be reported immediately, no matter how trivial. It is better to report your suspicions, even if they transpire to be unfounded, than to fail to report something significant.
- At this point as much detail as possible (having regard to your physical safety) should be recorded regarding the individual(s) / vehicle identified as being potentially hostile. You will never be able to obtain too much information but for every incident we should be recording, where relevant, the vehicle make / model / colour / registration / number of occupants / description of individual(s) identified / sex / height / build / hair colour / clothing / distinguishing features.
Questions and details to be passed to the police wherever possible (having regard to your physical safety):
- Name
- Intentions
- Are they acting alone?
- Have they left anything in the building
- Time arrived on site
- Areas of the building visited
While you attempt to gain this information, contact the Operations Manager and ISMS Committee.