IVI Framework Viewer

Physical Infrastructure Security

B3

Establish and maintain measures to safeguard the IT physical infrastructure from harm. Threats to be addressed include extremes of temperature, malicious intent, and utility supply disruptions.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Physical Infrastructure Security at each level of maturity.

1Initial
  • Practice
    Secure sensitive systems such as payroll and cheque printing.
    Outcome
    Some network equipment and systems have been physically secured.
    Metric
    % Critical systems in secure locations
2Basic
  • Practice
    Identify and secure locations of critical and sensitive IT infrastructure components, and sensitive information storage locations (e.g. confidential printed reports).
    Outcome
    A cross functional appreciation of the need for security is emerging and physical measures are obvious unlike many other measures that are implemented in electronics or software. IT and facilities departments co-operate in physical security provision.
    Metric
    % Critical systems in secure locations % People with authorized access.
3Intermediate
  • Practice
    Develop an integrated IT and physical environment security system for access and environmental controls.
    Outcome
    IT and knowledge sensitive areas are physically secured and monitored for intrusion and attack in IT and other participating business units.
    Metric
    # Access incidents # Environment incidents % Manually detected incidents
4Advanced
  • Practice
    Integrate physical environment security with access controls and surveillance systems organization-wide.
    Outcome
    Security awareness and staff vigilance re-enforce security efforts at all levels. Incident responses relating to physical security incidents are improved and easier to coordinate.
    Metric
    % Environment monitoring equipment centrally managed % Devices monitored for unauthorized tampering
5Optimized
  • Practice
    Regularly review and improve physical environment security across the business ecosystem.
    Outcome
    The effectiveness of physical environment monitoring and security is maintained at a level appropriate to the business ecosystem.
    Metric
    # Sites overdue a review % Sites with outstanding improvement actions.