ISO 27001: 2022 A.7.1 Physical security perimeters

This article provides additional information on how you can meet the requirement for the ISO 27001: 2022 A.7.1 Physical security perimeters.

ISO 27001: 2022 Control Description

Security perimeters shall be defined and used to protect areas that contain information and other associated assets.

Purpose

To prevent unauthorised physical access, damage, and interference with the organisation’s information and other associated assets.

Guidance on implementation

The following guidelines should be considered and implemented where appropriate for physical security perimeters:

a) Defining security perimeters and determining the siting and strength of each perimeter in accordance with security requirements;

b) Ensuring that the perimeters of buildings or sites containing information processing facilities are physically sound (i.e., there should be no gaps in the perimeter or areas where a break-in could easily occur). The exterior roofs, walls, ceilings, and floors of the site should be of solid construction, and all external doors should be suitably protected against unauthorised access with control mechanisms (e.g., bars, alarms, locks). Doors and windows should be locked when unattended, and external protection should be considered for windows, particularly at ground level; ventilation points should also be addressed;

c) Alarming, monitoring, and testing all fire doors on a security perimeter, along with the walls, to establish the required level of resistance in accordance with appropriate standards. They should operate in a fail-safe manner.

Other Information

Physical protection can be achieved by creating one or more physical barriers around the organisation’s premises and information processing facilities.

A secure area can be a lockable office or several rooms surrounded by a continuous internal physical security barrier. Additional barriers and perimeters may be necessary to control physical access between areas with different security requirements inside the security perimeter.

The organisation should consider having physical security measures that can be strengthened during increased threat situations.