ID.RA-01.150

Has your organization conducted a comprehensive physical security assessment of all facilities housing critical computing assets within the past 12 months?

Explanation

Physical security vulnerabilities can compromise even the most robust digital security measures. This assessment should identify potential physical access weaknesses, environmental threats (fire, flood, power issues), and evaluate the effectiveness of existing physical controls such as access cards, biometrics, security cameras, and guards. The assessment should also evaluate resilience factors like backup power systems, cooling redundancies, and disaster recovery capabilities. Evidence could include a formal physical security assessment report conducted by qualified personnel (internal or external), which documents identified vulnerabilities, risk ratings, and recommended remediation actions with implementation timelines.

Implementation Example

Assess facilities that house critical computing assets for physical vulnerabilities and resilience issues

ID: ID.RA-01.150

Context

Function: ID: IDENTIFY
Category: ID.RA: Risk Assessment
Sub-Category: Vulnerabilities in assets are identified, validated, and recorded

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub