PR.AA-06.213

Does your organization have a formal escort policy requiring all guests, vendors, and third parties to be accompanied by authorized personnel when accessing areas containing business-critical assets?

Explanation

This control prevents unauthorized access to sensitive areas and reduces the risk of data breaches, theft, or sabotage by requiring continuous supervision of non-employees. Without proper escort procedures, visitors might inadvertently or deliberately access, damage, or compromise critical systems, infrastructure, or sensitive information. Evidence of compliance could include: a documented visitor escort policy, visitor logs showing escort assignments, physical access control procedures that specify escort requirements, or security awareness training materials that cover visitor escort protocols.

Implementation Example

Escort guests, vendors, and other third parties within areas that contain business-critical assets

ID: PR.AA-06.213

Context

Function: PR: PROTECT
Category: PR.AA: Identity Management, Authentication, and Access Control
Sub-Category: Physical access to assets is managed, monitored, and enforced commensurate with risk

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub