
DATA FACILITY PHYSICAL SECURITY
Security Compliance Associates (SCA) will conduct an evaluation of the measures the institution employs to provide for the physical security of the institution's information systems, as well as consumer information and vital records maintained on other media, such as paper, microfiche, CDs, and flash drives. The evaluation includes advice on best compliance practices regarding what type of customer information needs to be retained by your institution and for what length of time.
SCA will review and assess the financial institution's deployment and use of alarm systems, surveillance systems, access controls, vendor, visitor and/or third-party provider controls, and its oversight and management of couriers and janitorial personnel.
SCA will review and assess eleven key issues within three broad areas critical to effective data facility security. They are:
- Administration
  - Identification
  - Courier/Message Service
  - Janitorial Services
  - Access Controls
- External Conditions
  - Exterior Lighting
  - Roof Access
  - Air Ducts
  - Exterior Doors
- Vital Records and Information Security
  - Server Room
  - Media Storage and Protection
Keeping in mind the phrase "you're only as strong as your weakest link," SCA will perform social engineering during this phase of the engagement. SCA will attempt to penetrate non-public areas of the facility during and after business hours, attempt to gain access to employees' computers, attempt to gain access to sensitive documents and information stored on other media, and conduct e-mail phishing to test and evaluate employee security awareness and response within the scope of proper company and compliance.
