This Office Security Policy regulates physical access to the Netspective Communications LLC’s facilities and applies to all staff, contractors, or third parties who need access to any physical location owned, operated, or occupied by the Netspective Communications LLC, excluding the Netspective Communications LLC data center which is governed by a separate policy.
Management responsibilities
- To put appropriate entry controls in place for secure areas.
- To use security personnel, identification badges, or electronic key cards to validate employee access to facilities.
- To confirm that the visitor and guest access procedure has been followed by host staff.
- To periodically review the list of individuals with physical access to facilities.
- To keep card access records and visitor logs for a minimum of 90 days and periodically review them for unusual activity.
Key access & card systems
- Employees shall not share or loan access cards/keys to others.
- Access cards/keys shall not have identifying information other than a return mail address.
- Employees shall return access cards/keys to Human Resources when they no longer need them.
- Employees shall immediately report lost or stolen access cards/keys.
- If an employee changes to a role that no longer requires physical access or leaves the Netspective Communications LLC, their access cards/keys will be suspended.
- Human Resources will regularly review physical security privileges and access logs.
Staff & contractor access procedure
- Human Resources will grant access to physical locations to employees and contractors based on individual job function.
- Human Resources will issue a physical key or access key card to any individual granted access to physical spaces. They will track key and card issuance, which will be periodically reviewed.
- In case of termination, the off-boarding procedure will ensure that Human Resources immediately revokes access. This will include the collection of keys, access cards, and any other asset used to enter facilities.
Visitor & guest access procedure
The identification and authorization of visitors and guests will follow the following policies:
- A staff member must provide written onsite authorization for all visitors.
- Visitor access will be tracked using a sign-in/out log, which will contain the visitor’s name, the firm they represent, the purpose of the visit, and the onsite personnel authorizing access.
- The log will be retained for a minimum of 90 days.
- Visitors will be given a badge or other identification that visibly distinguishes them from onsite personnel.
- Visitors must surrender their badges before leaving the facility.
Audit controls & management
The Netspective Communications LLC should have documented procedures and evidence of practice in place. Acceptable controls and procedures include:
- Maintaining visitor logs.
- Following access control procedures.
- Using operational key-card access systems.
- Implementing video surveillance systems with retrievable data.
- Maintaining ledgers when issuing physical keys.