IVI Framework Viewer

Representative POMs are described for Physical Infrastructure Security at each level of maturity.

1Initial

• Practice

  Secure sensitive systems such as payroll and cheque printing.

  Outcome

  Some network equipment and systems have been physically secured.

  Metric

  % Critical systems in secure locations

2Basic

• Practice

  Identify and secure locations of critical and sensitive IT infrastructure components, and sensitive information storage locations (e.g. confidential printed reports).

  Outcome

  A cross functional appreciation of the need for security is emerging and physical measures are obvious unlike many other measures that are implemented in electronics or software. IT and facilities departments co-operate in physical security provision.

  Metric

  % Critical systems in secure locations % People with authorized access.

3Intermediate

• Practice

  Develop an integrated IT and physical environment security system for access and environmental controls.

  Outcome

  IT and knowledge sensitive areas are physically secured and monitored for intrusion and attack in IT and other participating business units.

  Metric

  # Access incidents # Environment incidents % Manually detected incidents

4Advanced

• Practice

  Integrate physical environment security with access controls and surveillance systems organization-wide.

  Outcome

  Security awareness and staff vigilance re-enforce security efforts at all levels. Incident responses relating to physical security incidents are improved and easier to coordinate.

  Metric

  % Environment monitoring equipment centrally managed % Devices monitored for unauthorized tampering

5Optimized

• Practice

  Regularly review and improve physical environment security across the business ecosystem.

  Outcome

  The effectiveness of physical environment monitoring and security is maintained at a level appropriate to the business ecosystem.

  Metric

  # Sites overdue a review % Sites with outstanding improvement actions.