ISO 27002:2022 introduces several new information security controls, including A7.4 – Physical security monitoring.
This blog takes a brief look at what is required.
Physical security monitoring in ISO 27002:2022
The new control 7.4 – Physical security monitoring has been added to ISO/IEC 27002:2022 to detect and deter unauthorized physical access.
The control states that premises should be continuously monitored for unauthorized physical access.
Its guidance is that physical premises should be monitored by surveillance systems, which can include guards, intruder alarms, video monitoring systems such as closed-circuit television, and physical security information management software, either managed internally or by a monitoring service provider. Access to buildings that house critical systems should also be continuously monitored to detect unauthorized access or suspicious behaviour.
The design of monitoring systems should be kept confidential because disclosure can facilitate undetected break-ins.
How to Evidence A7.4 of ISO 27002:2022
Organisations can evidence control A7.4 in several ways, including:
- installing video monitoring systems such as closed-circuit television to view and record access to sensitive areas within and outside an organization’s premises
- installing, according to relevant applicable standards, and periodically testing contact, sound or motion detectors to trigger an intruder alarm, such as:
  1) installing contact detectors that trigger an alarm when a contact is made or broken in any place where a contact can be made or broken (such as windows and doors and underneath objects) to be used as a panic alarm
  2) installing motion detectors based on infra-red technology which trigger an alarm when an object passes through their field of view
  3) installing sensors sensitive to the sound of breaking glass which can be used to trigger an alarm to alert security personnel