PS-2 – Equipment Room

What is this control really about?

This control is about protecting your equipment room. Equipment room refers to any room in your office or facility that houses sensitive equipment such as a server, networking switches, firewalls, cabling. Protecting such equipment might require restricting access to specific people, surveillance equipment.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• An available template from secureFR
•  A copy of an available template policy from the Michigan

What is required to implement this control?

First, you have to define and document the practices you want to have in place to protect a secure equipment room. The templates above, can provide guidance or help on how to define and document a policy.

Secondly, you need to implement physical controls to guard your equipment room. An entry log, automated physical security system can be implemented to record physical access to the equipment room.

What evidence is the auditor looking for?

• Documented process of your physical security controls
• A most recent access entries log (badge access log) to the equipment room

An example of what an artifact can look like

1. Documented process of your physical security controls

2. A most recent access entries log (badge access log) to the equipment room

Note: this example, is an access log for an entire building, not just the equipment room.