Physical and Environmental Policy

This policy establishes physical and environmental protection measures for protecting Netspective Communications LLC’s IT assets from risks. It applies to all IT resources owned or operated by Netspective Communications LLC, and all users are responsible for adhering to it.

Netspective Communications LLC policy defines the incident management standards that every Netspective Communications LLC Business System should follow. Furthermore, they must create or conform to a program plan that exhibits their compliance with the policy and the documented standards.

• PE-1 Physical and Environmental Protection Procedures: - All Netspective Communications LLC Business Systems must develop, adopt, or adhere to a formal, documented physical and environmental protection procedure that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. [FII-SCF-017-PES-01]
• PE-2 Physical Access Authorizations: - All Netspective Communications LLC Business Systems must develop and maintain a list of personnel with authorized access to the facility where the information assets reside (except for those areas within the facility officially designated as publicly accessible). Documentation must also be retained to capture the authorization and provisioning of physical access to all Netspective Communications LLC Business System facilities. Additionally, they must implement a periodic physical access review and approval process to validate the appropriateness of physical access at these locations. [FII-SCF-017-PES-02]
• PE-3 Physical Access Control: - All personnel responsible for Netspective Communications LLC Business Systems must enforce physical access authorizations for all physical access points (including designated entry/exit points) to the facility where the information asset resides (excluding those areas within the facility officially designated as publicly accessible). This includes: [FII-SCF-017-PES-03]
  • Before granting access to the facility, validate individual access authorizations.
  • Use physical access devices and/or guards to control entry to the facility containing the information asset.
  • Control access to areas officially designated as publicly accessible based on the organization’s risk assessment.
  • Secure physical access devices such as keys and combinations.
  • Perform an annual inventory of physical access devices.
  • Change combinations and keys at least annually, in cases where keys are lost, combinations are compromised, or individuals are transferred or terminated.
• PE-5 Access Control for Display Medium: - Netspective Communications LLC Business Systems must implement measures to restrict and control physical access to information asset output devices, in order to prevent unauthorized individuals from obtaining the output. [FII-SCF-017-PES-12.2]
• PE-6 Monitoring Physical Access: - Netspective Communications LLC Business Systems must monitor physical access to the information asset to detect and respond to physical security incidents. The organization should review physical access logs every 30 days and coordinate the results of the reviews with its incident response capability.
• PE-7 Visitor Control: - Netspective Communications LLC Business Systems must authenticate visitors before authorizing access to the facility where the information asset resides (excluding areas designated as publicly accessible) in order to restrict and control physical access to the information asset.
• PE-8 Access Records: - Netspective Communications LLC Business Systems must maintain visitor access records to the facility where the information asset resides (excluding those areas within the facility officially designated as publicly accessible). Additionally, the organization must review the visitor access records at least every 30 days.
• PE-9 Power Equipment and Power Cabling: - Netspective Communications LLC Business Systems must protect power equipment and power cabling for the information asset from damage and destruction. [FII-SCF-017-PES-07.1]
• PE-10 Emergency Shutoff: - Netspective Communications LLC Business Systems must provide the capability to shut off power to the information asset or individual asset components in emergency situations. Additionally, they must place emergency shutoff switches or devices in clear and accessible areas to facilitate safe and easy access for personnel. [FII-SCF-017-PES-07.2]
• PE-11 Emergency Power: - Netspective Communications LLC Business Systems must provide and maintain a short-term uninterruptible power supply to allow for an organized shutdown of the information asset in case of primary power source failure. [FII-SCF-017-PES-07.3]
• PE-12 Emergency Lighting: - Netspective Communications LLC Business Systems must install and maintain automatic emergency lighting for the information asset to activate during power outages or disruptions. The emergency lighting should cover emergency exits and evacuation routes within the facility. [FII-SCF-017-PES-07.4]
• PE-13 Fire Protection: - Netspective Communications LLC Business Systems must install and maintain fire suppression and detection devices/systems for the information asset. These devices/systems must be supported by an independent energy source and undergo regular maintenance and testing. [FII-SCF-017-PES-08]
• PE-14 Temperature and Humidity Controls: - Netspective Communications LLC Business Systems must maintain operational temperature and humidity levels within the facility where the information asset resides. Additionally, they must continuously monitor the temperature and humidity levels to ensure they remain within operational limits. [FII-SCF-017-PES-09]
• PE-15 Water Damage Protection: Netspective Communications LLC Business Systems must provide master shutoff valves that are accessible, working properly, and known to key personnel to protect the information asset from damage resulting from water leakage.
• PE-16 Delivery and Removal: - Netspective Communications LLC Business Systems must actively authorize, monitor, and control all shipments and equipment removals from the facility and keep records of those items. [FII-SCF-017-PES-10]
• PE-17 Alternate Work Site: - Netspective Communications LLC Business Systems must apply logical and physical access controls at alternate work sites as appropriate. IT controls must be implemented to ensure that the information asset is secured. [FII-SCF-017-PES-11]
• PE-18 Location of Information Asset Components: - Netspective Communications LLC Business Systems must position information asset components within the facility to minimize potential damage from physical and environmental hazards and to minimize the opportunity for unauthorized access.