PS-3 – Visitor Room

What is this control really about?

This control is about ensuring that there are proper procedures in place to host visitors in your office.

Unexpected visitors wandering through the office put your employees, visitors, and intellectual property at risk, as such it is critical to do proper vetting before letting any external person in your organization.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• An available template from secureFR
•  A copy of an available template policy from the Michigan

What is required to implement this control?

First, you have to define and document the practices you want to have in place for your visitors. Without a policy that dictates the specific conditions in which visitors are allowed into your office and facility such as what times of day visitors are allowed in and which specific areas of the facility are off-limits.

Secondly, you need to implement physical controls such as a visitor log to record office access and visitor badges are a good way to start. An automated physical security system can be implemented to record physical access to your office. Badges for employees distinguished from visitor badges can be installed.

What evidence is the auditor looking for?

• Documented process of your physical security controls
• A most recent visitor log or access entries log to your office

An example of what an artifact can look like

1. Documented process of your physical security controls

2. A most recent visitor log or access entries log to your office