PS-2 – Equipment Room

What is PS-2 – Equipment Room Control?

Equipment Room control is about protecting your equipment room. Equipment room refers to any room in your office or facility that houses sensitive equipment such as a server, networking switches, firewalls, and cabling. Protecting such equipment might require restricting access to specific people or surveillance equipment.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Tools

IdentiSys

SecureID

Johnson Controls

Evolis

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• An available template from secureFR
• A copy of an available template policy from the Michigan

Control implementation

To implement this control,

1. You have to define and document the practices to protect a secure equipment room. The templates above, provide guidance or help on how to define and document a policy.
2. You need to implement physical controls to guard your equipment room. An entry log, automated physical security system can be implemented to record physical access to the equipment room.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action.

1. Documented process of your physical security controls
2. A most recent access entry log (badge access log) to the equipment room

Evidence example

For the suggested action, an example is provided below:

1. Documented process for your physical security controls.
   The following screenshot shows a sample of the “Physical Protection Policy”.
   
2. A most recent access entry log (badge access log) to the equipment room.
   The following screenshot shows the access log.
   Note: This example is an access log for the entire building, not just the equipment room.