Creating a Physical Security Policy

Summary of Proposed Policy

To help combat the theft of proprietary data and the damage at any company, the following will be a suggestion of a new physical security policy. This policy requires that employees use an organization issued ID Card and a PIN Number to access all areas of the organization. Thus, employees are required to display a company issued ID card at all times. Also, a PIN number will be issued with every employee ID Card. This policy is aimed towards the employees of the company and places the responsibilities on them to ensure the security of the organization.

Policy Principles

1. All employee-specific locations throughout the building will be locked and require the company issued ID card and associated employee PIN to unlock.
2. An employee is required to have the ID card at all times on his person, visible to everyone.
3. An employee should not lend or share his PIN/ID card with another employee under any circumstances.

ID Card Specifications

1. The ID Card will have a photograph taken by the company on the front side of the card.
2. The ID Card will have emergency contact information on the back.
3. The ID Card will be the size of a normal credit card (3.370 ×2.125 in).
4. The ID Card will be issued with an associated PIN number of 6 digits.

Objectives

• Minimize risk and vulnerability caused by the physical security of our organization
• Create a two-step authentication process as a safeguard company’s assets.
• Tighten access control across our organization.
• Provide “obstacles” to attackers and to “harden” the physical site against attacks and accidents (Rouse, 2016).

Guidelines/Instructions

Moving forward, all employee-specific areas that contain any type of information system will be closed-off with a secure door that will have an ID pad located next to it. To unlock the door, an employee must use his company issued ID Badge, and use his unique employee PIN number.  The instructions to do so are as follows:

1. Employee will place ID badge in front of ID Pad located adjacent to the locked door.
2. When prompted, employee will type in his 6 digit PIN.
3. Door will unlock and employee will be granted access.

Penalties

It is very common for employees to misplace their ID cards or lose them entirely. Thus, we will not issue any penalty for doing so.

The reasoning behind this is two-fold. First, a stranger can obtain a company card and still be denied access without that employee’s specific PIN code. Second, an employee is more likely to keep track of the card as he needs it to access all areas in our building. We have the utmost trust and respect for our employees and feel punishment will not be required.

In terms of a replacement ID card, we require that employees cover the cost of the replacement ID, because we believe that it might help them to take greater precautions in the future.

Example

Before leaving for work, Employee A grabs his employee ID card off his dresser. He places the lanyard with the card attached to it around his neck and heads out to work in his car. Upon arrival at work, Employee A parks his car in the garage and decides to enter the building through the side entrance. At the door, he tries it and realizes it is locked. He then turns to the side, maneuvers his ID card from his neck to the pad, and types in his 6 digit employee code. This allows him access into the building. He enters the staircase and walks up to the second floor. However, there is another locked door with another ID Pad. Employee A reenacts the same procedure as before and is granted access to this floor. He is now free to walk to his station and begin his day.

Potential Drawbacks

The requirement of ID cards and pin pads has potential drawbacks worth mentioning:

• Cost to install pin pads on all employee specific locations
• Cost to print and manufacture ID cards
• Adding more time to everyone’s everyday operations