{"id":8403,"date":"2022-11-29T14:54:12","date_gmt":"2022-11-29T14:54:12","guid":{"rendered":"https:\/\/www.imsm.com\/us\/?p=8403"},"modified":"2023-01-18T11:29:03","modified_gmt":"2023-01-18T11:29:03","slug":"does-iso-27001-cover-physical-security","status":"publish","type":"post","link":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/","title":{"rendered":"Does ISO 27001 Cover Physical Security?"},"content":{"rendered":"<p><span data-contrast=\"auto\">In this article, you will understand the following:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">What is ISO\/IEC 27001?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">What do we mean by physical and environmental security?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Why is physical and environmental security essential for business protection?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Does ISO\/IEC 27001 cover physical security?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">What is Clause 7 of Annex A in ISO\/IEC 27001:2022?<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<h2><b><span data-contrast=\"auto\">What is ISO\/IEC 27001?<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><a href=\"https:\/\/www.imsm.com\/gb\/iso-27001\/\"><span data-contrast=\"none\">ISO\/IEC 27001<\/span><\/a><span data-contrast=\"auto\"> is the international standard for maintaining an Information Security Management System (ISMS). Implementing an ISMS is essential for any business that aims to be securely protected against security risks or data breaches.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">ISO\/IEC 27001 will enable your business to keep its information and data, whether it\u2019s customer, staff, or supplier data, secure from potential threats.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">These potential threats can include the following:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">Intellectual property theft<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Identity theft<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Information extortion<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Equipment or information theft<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Sabotage and hacking<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Viruses, worms, phishing attacks and trojan horses<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">The ISO\/IEC 27001 standard aims to reduce the probability of possible threats occurring in your business. Processes will be implemented according to ISO\/IEC 27001, allowing your organization to identify hazards and take corrective actions to prevent them.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">See our <\/span><a href=\"https:\/\/www.imsm.com\/gb\/blogs\/iso-27001-for-businesses-everything-you-need-to-know\/\"><span data-contrast=\"none\">blog<\/span><\/a><span data-contrast=\"auto\"> for more information about ISO\/IEC 27001 and <\/span><a href=\"https:\/\/www.imsm.com\/gb\/blogs\/what-is-iso-27001-and-why-is-it-important\/\"><span data-contrast=\"none\">what it is<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">What do we mean by physical and environmental security?<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Physical and environmental security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Threats directed at your organization from your physical environment can cause irreversible reputational damage and harm the safety of your clients, customers, staff, and suppliers. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Physical threats can include:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">Intentional destruction directed towards your organization, or a specific person<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Unintentional destruction<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Hardware failures from accidents or deliberate tampering<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Power failures<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">ISO\/IEC 27001 enables your organization to look within its physical environment and understand where there are potential non-conformities within your company. With ISO\/IEC 27001\u2019s policies, your organization can improve and build upon the current framework you already have to establish a system with minimized flaws.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">An example would be implementing a policy in which data is double-checked and stored in a location where select authorized individuals can access it. Preventative actions and strategies are in place for those who do not have access to this data to minimize the probability of threats.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<figure class=\"u-TextAlignNone\"><a href=\"https:\/\/blog.imsm.com\/27001-guide-download?_gl=1*15032ms*_ga*MTI0NTI4NjYwOS4xNjYwNTU0NjA0*_ga_3D8T6ZJS4B*MTY3NDAzMzA5MS4yNTAuMS4xNjc0MDQxMzk5LjAuMC4w\"><img decoding=\"async\" class=\"c-Image\" title=\"\" src=\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/ISO-27001-Guide-Download.png\" alt=\"Download your free guide for ISO 27001\" \/><\/a><\/figure>\n<h2><b><span data-contrast=\"auto\">Why is physical and environmental security essential for business protection?<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Having a security management system in place against any physical or environmental threat is critical for maintaining good business practices regarding data and information security.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Suppose an unknown source hacks into your systems or physically gains access to your devices and software. In that case, all data and information stored on that device will become available for them to use or sabotage.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Environmental and physical threats can occur within any business that uses and stores data or information.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">There are three types of personal data:\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">General personal data<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Sensitive personal data<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Details of criminal offences<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">General personal data can include your client\u2019s or customer\u2019s personal information, such as names, emails, or physical addresses. Information such as passwords, security numbers, financial records, and employment details are also deemed as general personal data, among many others.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Data classified as sensitive or special category data, according to GDPR, needs a greater level of protection because it is sensitive. This data includes:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"none\">Ethnic or racial origins<\/span><span data-ccp-props=\"{&quot;134233117&quot;:true,&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Political, religious, or philosophical opinions<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Trade union memberships<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Genetic data<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Biometric data (where used for identification purposes)<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Health-related data<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Sex life or sexual orientation<\/span><span data-ccp-props=\"{&quot;134233118&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:120,&quot;335559739&quot;:160,&quot;335559740&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">With ISO\/IEC 27001, data and information will be managed safely and appropriately to prevent misuse. Data must be retained solely for its purpose and by GDPR rules and regulations.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Does ISO\/IEC 27001 cover physical security?<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">ISO\/IEC 27001 does include a section on how your organization should be guided in the event of a data breach occurring in the physical environment of your business.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">ISO\/IEC 27001:2022 includes controls that are distributed across four categories; these include organizations, people, physical and technological. Clause 7 of Annex A includes physical controls, which must be maintained to a high efficiency to protect physical security.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The environment in which data is handled should be competently assessed for non-conformities and hazards which could occur unexpectedly.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Through implementing ISO\/IEC 27001 within your organization, the probability of environmental and physical security risks occurring will be significantly reduced. You can be assured that your systems will be continually assessed to a high standard, and you can regularly maintain your business\u2019s competency.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">The controls outlined in Clause 7 of Annex A of ISO\/IEC 27001:2022 are:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li><span data-contrast=\"auto\">7.1 Physical security perimeters<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.2 Physical entry\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.3 Securing offices, rooms, and facilities<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.4 Physical security monitoring<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.5 Protecting against physical and environmental threats<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.6 Working in secure areas<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.7 Clear desk and clear screen<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.8 Equipment siting and protection<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.9 Security of assets off-premises<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.10 Storage media<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.11 Supporting utilities<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.12 Cabling security<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.13 Equipment maintenance<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">7.14 Secure disposal or re-use of equipment<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">For example, in control 7.2, physical entry controls detail that secure areas should be protected by appropriate entry controls and access points. This ensures that only authorized personnel should have physical access to your organization&#8217;s information. Physical entry controls include technical mechanisms to manage areas of access, such as entry doors, gates, card readers, ID scanners, keypads, and revolving doors. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">In control 7.10, storage media, ISO\/IEC 27001 addresses how organizations can manage their storage media devices, such as SSD\u2019s, USB sticks, external drives, and mobile devices through their life cycle of acquisition, use, transportation, and disposal in accordance with their handling requirements. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">ISO\/IEC 27001 includes controls and clauses that cover physical security within your organization. Therefore, you can be assured that by following ISO\/IEC 27001, your controls and security management are protected against physical security risks.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<figure class=\"u-TextAlignLeft\"><img decoding=\"async\" class=\"c-Image title=\" src=\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Be-safe-from-physical-security-risks-1200-\u00d7-400-px-v2.png\" alt=\"\" \/><\/figure>\n<h2><b><span data-contrast=\"auto\">I\u2019m interested in ISO\/IEC 27001. What can I do next?<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Are you interested in learning more about what ISO\/IEC 27001 can do to help your business? Please find what you need to know <\/span><a href=\"https:\/\/www.imsm.com\/gb\/blogs\/iso-27001-for-businesses-everything-you-need-to-know\/\"><span data-contrast=\"none\">here<\/span><\/a><span data-contrast=\"auto\"> or <\/span><a href=\"https:\/\/blog.imsm.com\/27001-guide-download?_gl=1*1ktt9ms*_ga*OTM3NzU5MDU1LjE2NjU0NzYwNTc.*_ga_3D8T6ZJS4B*MTY2NTQ5MTk3OC40LjEuMTY2NTQ5MjM3Ni4wLjAuMA..\"><span data-contrast=\"none\">download our free guide<\/span><\/a><span data-contrast=\"auto\"> for more information.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you are interested in ISO\/IEC 27001, you can contact us and schedule a free consultation with one of our specialist consultants. Here at IMSM, we have a transparent fixed fee and flexible approach, helping you to seamlessly earn certification.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Do you already have ISO\/IEC 27001? You can become certified to conduct internal audits as an ISO\/IEC 27001 Internal Auditor through one of our <\/span><a href=\"https:\/\/blog.imsm.com\/iat-training-for-27001?_gl=1*1icktrm*_ga*OTM3NzU5MDU1LjE2NjU0NzYwNTc.*_ga_3D8T6ZJS4B*MTY2NTQ5MTk3OC40LjEuMTY2NTQ5MjY5OS4wLjAuMA..\"><span data-contrast=\"none\">live online training courses<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Sources:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.verizon.com\/business\/en-au\/resources\/reports\/dbir\/\"><span data-contrast=\"none\">https:\/\/www.verizon.com\/business\/en-au\/resources\/reports\/dbir\/<\/span><\/a><span data-contrast=\"auto\">\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<figure class=\"u-TextAlignNone\"><a href=\"https:\/\/www.imsm.com\/us\/iso-27001\/#contact-us\"><img decoding=\"async\" class=\"c-Image\" title=\"\" src=\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/ISO-27001-Get-your-free-quote.png\" alt=\"Get your free quote for ISO 27001\" \/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>In this article, you will understand the following:\u00a0 What is ISO\/IEC 27001?\u00a0 What do we mean by physical and environmental [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":8409,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false,"pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[34],"tags":[47,13,46,19,45,44],"class_list":["post-8403","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-certification","tag-data-security","tag-implementation","tag-iso-27001","tag-standard-update","tag-update"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ISO 27001: Update Incoming | IMSM US<\/title>\n<meta name=\"description\" content=\"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001: Update Incoming | IMSM US\" \/>\n<meta property=\"og:description\" content=\"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/\" \/>\n<meta property=\"og:site_name\" content=\"IMSM US\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/en-gb.facebook.com\/imsmltd\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-29T14:54:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-18T11:29:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.imsm.com\/gb\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1080\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"amywright\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@IMSM_Ltd\" \/>\n<meta name=\"twitter:site\" content=\"@IMSM_Ltd\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"amywright\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/\",\"url\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/\",\"name\":\"ISO 27001: Update Incoming | IMSM US\",\"isPartOf\":{\"@id\":\"https:\/\/www.imsm.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png\",\"datePublished\":\"2022-11-29T14:54:12+00:00\",\"dateModified\":\"2023-01-18T11:29:03+00:00\",\"author\":{\"@id\":\"https:\/\/www.imsm.com\/us\/#\/schema\/person\/990a6ba5dfd82cda313e2dd00eb363b0\"},\"description\":\"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage\",\"url\":\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png\",\"contentUrl\":\"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png\",\"width\":1080,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.imsm.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Does ISO 27001 Cover Physical Security?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.imsm.com\/us\/#website\",\"url\":\"https:\/\/www.imsm.com\/us\/\",\"name\":\"IMSM US\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.imsm.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.imsm.com\/us\/#\/schema\/person\/990a6ba5dfd82cda313e2dd00eb363b0\",\"name\":\"amywright\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.imsm.com\/us\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b9a7d7e0f867d04d3ec6ad1557548ab8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b9a7d7e0f867d04d3ec6ad1557548ab8?s=96&d=mm&r=g\",\"caption\":\"amywright\"},\"url\":\"https:\/\/www.imsm.com\/us\/news\/author\/amywright\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 27001: Update Incoming | IMSM US","description":"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/","og_locale":"en_US","og_type":"article","og_title":"ISO 27001: Update Incoming | IMSM US","og_description":"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0","og_url":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/","og_site_name":"IMSM US","article_publisher":"https:\/\/en-gb.facebook.com\/imsmltd\/","article_published_time":"2022-11-29T14:54:12+00:00","article_modified_time":"2023-01-18T11:29:03+00:00","og_image":[{"width":1080,"height":1080,"url":"https:\/\/www.imsm.com\/gb\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png","type":"image\/png"}],"author":"amywright","twitter_card":"summary_large_image","twitter_creator":"@IMSM_Ltd","twitter_site":"@IMSM_Ltd","twitter_misc":{"Written by":"amywright","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/","url":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/","name":"ISO 27001: Update Incoming | IMSM US","isPartOf":{"@id":"https:\/\/www.imsm.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage"},"image":{"@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png","datePublished":"2022-11-29T14:54:12+00:00","dateModified":"2023-01-18T11:29:03+00:00","author":{"@id":"https:\/\/www.imsm.com\/us\/#\/schema\/person\/990a6ba5dfd82cda313e2dd00eb363b0"},"description":"Physical security refers to your organization\u2019s precautions to prevent physical threats. Your organization must be protected from any danger that could happen, no matter how big or small.\u00a0","breadcrumb":{"@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#primaryimage","url":"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png","contentUrl":"https:\/\/www.imsm.com\/us\/wp-content\/uploads\/sites\/2\/2022\/11\/Physical-Security.png","width":1080,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/www.imsm.com\/us\/news\/does-iso-27001-cover-physical-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.imsm.com\/us\/"},{"@type":"ListItem","position":2,"name":"Does ISO 27001 Cover Physical Security?"}]},{"@type":"WebSite","@id":"https:\/\/www.imsm.com\/us\/#website","url":"https:\/\/www.imsm.com\/us\/","name":"IMSM US","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.imsm.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.imsm.com\/us\/#\/schema\/person\/990a6ba5dfd82cda313e2dd00eb363b0","name":"amywright","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.imsm.com\/us\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b9a7d7e0f867d04d3ec6ad1557548ab8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b9a7d7e0f867d04d3ec6ad1557548ab8?s=96&d=mm&r=g","caption":"amywright"},"url":"https:\/\/www.imsm.com\/us\/news\/author\/amywright\/"}]}},"_links":{"self":[{"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/posts\/8403","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/comments?post=8403"}],"version-history":[{"count":7,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/posts\/8403\/revisions"}],"predecessor-version":[{"id":8458,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/posts\/8403\/revisions\/8458"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/media\/8409"}],"wp:attachment":[{"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/media?parent=8403"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/categories?post=8403"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.imsm.com\/us\/wp-json\/wp\/v2\/tags?post=8403"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}