This sample policy establishes operational standards for the physical security of a company’s data center.
In this sample, access to the data center is restricted to IT members, data center keys are issued only to IT members, the director will retrieve the key from the IT member upon termination, lost or stolen keys must be reported immediately to the IT director and the CEO’s executive assistant, visitors must always be escorted while within the company data center, and visitors are not allowed access to the data center without prior authorization from the IT director.
Risk & Control Matrices - RCMs
Manage Security and Privacy RCM
Security Assessment Audit Report