ISO 27001: 2022 A.7.8 Equipment siting and protection

This article provides additional information on how you can meet the requirement of ISO 27001: 2022 A.7.8 Equipment siting and protection.

ISO 27001: 2022 Control Description

Equipment shall be securely sited and protected.

Purpose

To reduce the risks from physical and environmental threats, and from unauthorised access and damage.

Guidance on implementation

The following guidelines should be considered to protect equipment:

a) Positioning equipment to minimise unnecessary access to work areas and to prevent unauthorised access.

b) Strategically placing information processing facilities that handle sensitive data to reduce the risk of unauthorised persons viewing information during use.

c) Implementing controls to mitigate the risk of potential physical and environmental threats (e.g., theft, fire, explosives, smoke, water (or water supply failure), dust, vibration, chemical exposure, electrical supply interference, communications interference, electromagnetic radiation, and vandalism).

d) Establishing guidelines for eating, drinking, and smoking in the vicinity of information processing facilities.

e) Monitoring environmental conditions, such as temperature and humidity, to prevent conditions that could negatively impact the operation of information processing facilities.

f) Installing lightning protection on all buildings and fitting lightning protection filters to all incoming power and communications lines.

g) Considering the use of special protective methods, such as keyboard membranes, for equipment in industrial environments.

h) Protecting equipment that processes confidential information to minimise the risk of information leakage due to electromagnetic emanation.

i) Physically separating information processing facilities managed by the organisation from those not managed by the organisation.