Physical security
PHY047
Introduction to physical security for ICT systems
ICT systems are protected by a combination of physical and logical controls. Logical access controls are detailed in the New Zealand Information Security Manual.
In some cases, the increased level of protection logical controls provide may mean you can reduce your use of physical controls.
Make sure you refer to security requirements for ICT systems and electronic information in your organisation’s business continuity plans, and other disaster response and recovery plans.
You may need to consult the Government Communications Security Bureau (GCSB) before you install ICT systems.
Exceptions come with conditions
If your organisation doesn’t apply the logical controls identified in the New Zealand Information Security Manual, you must meet or exceed (based on your risk assessment) the controls identified in ‘Design physical security early’.
You should also:
- ensure your chief security officer (CSO) is involved in planning processes for ICT systems, so that the physical security requirements are suitable for the ICT equipment and operations
- restrict access to ICT equipment used to store or process official information to authorised people with a need-to-know
- provide physical security to all components of your ICT systems, including cabling, taking into account the level of protection given by any encryption.
More guidance:
For more guidance on ICT system security, refer to the following documents.
- NZS/AS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information security management
- ANSI/TIA-942 Data Center Standards Overview
Page last modified: 19/09/2019