T2.3.1 - EQUIPMENT SITING AND PROTECTION Implementation Guidance
The entity shall site and protect equipment.
Back to T2.3.1 - P2 - EQUIPMENT SITING AND PROTECTION
The following guidelines should be considered to protect equipment:
- A. Equipment should be sited to minimize unnecessary access into work areas
- B. Information systems handling sensitive data should be positioned carefully to reduce the risk of information being viewed by unauthorized persons during their use
- C. Storage facilities should be secured to avoid unauthorized access
- D. Items requiring special protection should be safeguarded to reduce the general level of protection required
- E. Controls should be adopted to minimize the risk of potential physical and environmental threats, e.g. theft, fire, explosives, smoke, water (or water supply failure), dust, vibration, chemical effects, electrical supply interference, communications interference, electromagnetic radiation and vandalism
- F. Guidelines for eating, drinking and smoking in proximity to information systems should be established
- G. Environmental conditions, such as temperature and humidity, should be monitored for conditions, which could adversely affect the operation of information systems
- H. Lightning protection should be applied to all buildings and lightning protection filters should be fitted to all incoming power and communications lines
- I. The use of special protection methods, such as keyboard membranes, should be considered for equipment in industrial environments
- J. Equipment processing confidential information should be protected to minimize the risk of information leakage due to electromagnetic emanation
