ISO 27001: 2022 A.7.6 Working in secure areas

This article provides additional information on how you can meet the requirement of ISO 27001: 2022 A.7.6 Working in secure areas.

ISO 27001: 2022 Control Description

Security measures for working in secure areas shall be designed and implemented.

Purpose

To protect information and other associated assets in secure areas from damage and unauthorised interference by personnel working in these areas.

Guidance on implementation

The security measures for working in secure areas should apply to all personnel and cover all activities taking place within the secure area.

The following guidelines should be considered:

a) Ensuring personnel are only made aware of the existence of, or activities within, a secure area on a need-to-know basis.

b) Avoiding unsupervised work in secure areas, both for safety reasons and to reduce the likelihood of malicious activities.

c) Physically locking and periodically inspecting vacant secure areas.

d) Prohibiting the use of photographic, video, audio, or other recording equipment, such as cameras in user endpoint devices, unless authorised.

e) Appropriately controlling the carrying and use of user endpoint devices in secure areas.

f) Posting emergency procedures in a readily visible or accessible manner.