Computer systems and data are essential to our modern lives. The safeguards securing these assets are both logical and physical. Many times, the need for physical security in a computing environment is overlooked. Unauthorized access to sensitive data and physical assets can create a significant risk for an organization.

The direct and indirect cost to an organization can be substantial. Direct costs come in the form of the cost to replace hardware, upgrade hardware and software, time and resources needed to reinstall and reconfigure the systems, as well as possible legal liabilities of having inadequate access controls. Indirect costs can come in the form of lost orders, lost customers, lost production, loss of competitive advantage, and possible legal liabilities.

Here are some examples of security policies that would be effective in limiting physical access to protect the data and assets of an organization:

• All physical security must comply with all applicable regulations such as building and fire codes.
• Access to secure computing facilities will be granted only to individuals with a legitimate business need for access.
• All secure computing facilities that allow visitors must have an access log.
• Visitors must be escorted at all times.