Physical Security

Establish subservice and/or contractor responsibilities (review of existing agreements/contractors)

• Identify gaps

• Write controls to fill gaps

Write physical controls

Establish control test and key performance metrics

Establish control testing frequencies

Perform control testing, customer to supply evidence

Generate monthly reports

Determine scope (data center or non-data center only)

Write Physical Security Policy (NIST PE)

Write physical security procedure