Physical security
-
Specific security measures
- Using NZSIS-approved products
- Perimeter access controls
- Building construction
- Alarm systems
- Individual alarm options
- Access control systems
- Alarm system and other building management systems interoperability
- Locks, key systems, and doors
- Closed-circuit television
- Security lighting
- Security containers and cabinets
- Secure rooms, safes, and vaults
- Visitor control
- Receptionists and guards
- Other physical security measures
PHY031
Security containers and cabinets
Choose the right containers and cabinets to keep information and assets secure.
You must secure official information, valuable physical assets, and money in containers that are appropriate to their Business Impact Level (BIL).
Evaluate your security needs first
When you’re selecting security containers and cabinets, evaluate the potential risks to the information or assets they will hold. Risks such as theft, damage, or unauthorised access.
Factors that will affect the class of security container you need include:
- the level of protective marking on information or assets
- the BIL
- the location of the information or physical assets within a facility (refer to Zone requirements)
- the structure and location of your building
- your access control systems
- other physical protection systems you use (for example: locks, alarms, and outer zone security).
More guidance on choosing secure containers
- Table - Selecting security containers or rooms for storing official information
- NZSIS guidelines on equipment selection
Carefully consider where to put containers
Whenever possible, avoid placing security containers against security zone perimeters with lower levels of protection. Doing so could allow an intruder to bypass the additional security features of the more secure zone.
Protect in line with the highest BIL
Ensure valuable physical assets that contain official information, such as computers and other ICT equipment, are protected from whichever has the higher BIL:
- the compromise of aggregated information in the physical asset
- the loss of the physical asset itself.
When possible, store protectively-marked information separately from other physical assets. This separation will:
- lower the likelihood of information being compromised if physical assets are stolen
- help investigators determine the reason for any incidents involving unauthorised access.
More information:
- Table - Selecting security containers or rooms for storing official information
Using NZSIS-approved containers
NZSIS-approved security containers are designed for storing protectively-marked information. Use an approved container when the level of protectively-marked material requires it.
NZSIS-approved security containers provide:
- a high level of tamper evidence from a covert attack
- a significant delay in the event of a clandestine attack
- limited protection from a forcible attack.
More information:
- Using NZSIS-approved products
Container classes
NZSIS-approved containers come in three classes according to the level of protection they give.
Class A containers
These containers are designed to protect information with a BIL of extreme or catastrophic in high-risk situations.
Class A containers are extremely heavy and may not be suitable for use in buildings with limited floor loadings.
Class B containers
These containers are designed to protect information with a BIL of:
- extreme or catastrophic in low-risk situations
- high or very high in higher risk situations.
Class B containers are broadly of two types:
- heavy types suitable for use where there are minimal other physical controls
- lighter models designed for use along with other physical security measures.
Consider where you will position Class A and B containers, as weight may be an issue, particularly in older buildings.
Class C containers
These containers are designed to protect information with a BIL:
- up to extreme BIL in low-risk situations and information
- of medium in higher risk situations.
These containers must be fitted with an NZSIS-approved restricted keyed lock or padlock.
When you don’t need an NZSIS-approved container
Your organisation should, where your risk assessments indicate, use lockable commercial containers for:
- information with a low-to-medium business impact
- higher level information within an NZSIS-approved secure room.
Page last modified: 26/10/2018