Physical and Environmental Security is a key factor in implementing and maintaining information security in an organisation. Annex A.11 of ISO 27001 guides organisations on how data breaches can occur in the physical environment and how precautions can be taken.
Even if you have the strongest firewalls, procedures and methodology, issues may still arise if there is a breach in physical security. This is why ISO 27001 covers more than just the application of technical controls.
In this article, we take a look at the Annex that is designated for physical security, its objectives, controls, and how this Annex helps your organisation in your journey of information security.
*Update: It's important to highlight that the ISO 27001:2013 standard was updated on 25th October 2022, resulting in the most recent edition, ISO 27001:2022, with revised guidelines. For the most current and precise details about the ISO 27001 Annex A Controls, please refer to the updated version.