6 |
Physical and Environmental Security (CC-16000, semi-annual audit )
- Access to computer server rooms shall be controlled (e.g. by card swiping technology).
- Computer server rooms shall be equipped with fire prevention facilities that shall be inspected regularly.
- Natural disasters like earthquakes and floods etc. shall also be factored in.
- The power supply system of computer equipment shall include uninterruptible equipment and a power generator.
- Procedures for retirement and disposal of equipment shall be established. Prior to their retirement and disposal, any confidential or sensitive data and licensed software shall be removed, overwritten for security purposes, or physically destroyed. It shall be ensured that data stored in computer hard drives and storage media cannot be restored after retirement and disposal. Records of the retirement and disposal shall be retained.
- The company shall periodically review the security authorization for access to information equipment rooms.
|
|