PS-1 Office access

What is this control really about?

This control ensures that, if there is a physical office, it is secured and protected against unauthorized access.

Securing a physical office has a few core parts, which can include deciding who enters the building, monitoring the workspace and ensuring it is safe and usable for employees, securing the front doors with keys and alarms, and installing surveillance cameras. It can also include protecting the office from theft, physical damage and environmental threats.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Johnson Controls

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • An available template from secureFR
  •  A copy of an available template policy from the Michigan

What is required to implement this control?

First, you have to define and document the practices you want to have in place to protect and secure your office and/or facility. The templates above can provide guidance on how to define and document a policy.

Secondly, you need to implement physical controls to guard your office or facility. In an office, a process for visitors is usually the starting point. A visitor log to record office access and visitor badges are a good way to start.

An automated physical security system can be implemented to record physical access to your office. Employees can be issued badges that are distinguishable from visitor badges.

What evidence is the auditor looking for?

  • Documented process of your physical security controls
  • The most recent visitor log or access entries log for your office

An example of what an artifact can look like

  1. Documented process of your physical security controls

  2. The most recent visitor log or access entries log for your office