Overview

Physical security is designed to deny unauthorized access to facilities, equipment and resources, and to protect personnel and property from damage or harm.  

Physical security is an underestimated, often overlooked aspect of securing your computer and its data. Physical safeguards are simple but highly effective ways to protect your company's information assets. The Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) along with other State and Federal Regulations now require organizations to adopt formal security programs to protect personal, non-public information.

Generally speaking, regulations require covered entities to implement administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected information (EPI). An important step in the defense of EPI is to implement reasonable and appropriate physical safeguards against environmental hazards and unauthorized intrusion. Compliance with HIPAA, GLBA, and other federal regulations require an evaluation of the security controls already in place, an accurate and thorough risk analysis, and a series of documented solutions derived from a number of factors unique to each covered entity.

Facility access controls

Physical security elements are safeguards enacted to ensure only authorized individuals have access to various physical locations, such as corporate facilities, data warehouses, computer operation centers, and any other critical areas. 

asset protection

Physical security consists of the various measures for protecting an organizations assets, to include: 

• people
• property
• tangible goods
• services
• products

Physical security is a critical component of one's risk assessment and risk management framework.  Mitigating vulnerabilities is a significant return on investment (ROI).