1. PURPOSE
For the purposes of this policy, the term "physical and environmental security" refers to
the controls taken to protect information systems, buildings and related supporting
infrastructure against threats associated with their physical environment.
The purpose of this policy is to:
ensure that good security principles are reinforced within WA Health ICT;
2. SCOPE
The scope of this policy follows the Australian Standard AS/NZS ISO/IEC 17799:2006,
Information technology, Security techniques, Code of practice for information security
management, which has two major categories under Physical and Environmental Security:
1. Secure Areas
Objective: To prevent unauthorised physical access, damage and interference to the
organisation's premises and information. The physical facility is usually the building,
other structure or environment housing the system and network components.
2. Equipment Security
Objective: To prevent loss, damage, theft or compromise of assets and interruption to
the organisation's activities. Supporting facilities are those services (both technical and
human) that support the operation of the system. The system's operation usually depends
on supporting facilities such as electric power, heating and air conditioning, and
telecommunications. The failure or unsatisfactory performance of these facilities may
interrupt operation of the system and may cause physical damage to system hardware
or stored data.
The facility's geographic location determines its exposure to natural threats, such as
earthquakes and flooding; to man-made threats, such as burglary, civil disorder, or
interception of transmissions and emanations; and to damaging nearby activities,
including toxic chemical spills, explosions, fires and electromagnetic interference from
emitters such as radars. Location decisions are generally beyond the control of ICT
personnel and are mentioned only for completeness.
3. POLICY
3.1 Appropriate physical and environmental security controls will be implemented at
all WA Health Information and Communication Technology (ICT) facilities to protect
people, property and other information system resources.
3.2 WA Health will adopt a risk management approach when identifying physical and
environmental controls for ICT system facilities.
4. POLICY DETAILS
5. IMPLEMENTATION
As with other security measures, physical and environmental security controls need to
undergo a cost/benefit analysis. Indicative general approaches to justify the selection of
controls are:
1. They are required by law or regulation. There is no option but to implement all
statutory security measures.
2. The cost is insignificant, but the benefit is material. Once a significant-benefit,
minimal-cost security measure has been identified, no further analysis is required to
justify its implementation.
6. BACKGROUND
All WA Health ICT facilities supporting critical or sensitive business activities should be
housed in secure areas. These facilities should be physically protected from unauthorised
access, damage and interference. They should be located in secure areas, protected by a
defined security perimeter with appropriate entry controls and, where appropriate,
security barriers.
As information accessibility is essential to its business, WA Health is committed to
providing effective physical environmental conditions and security at ICT facilities, to
safeguard equipment and information from unauthorised intrusion and damage and to
provide optimum equipment operating performance.
The planning and implementation of ICT equipment environments, security safeguards
and controls, and the associated procedural, access control, architectural, electrical and
structural requirements are essential.
10. REFERENCES
AS 2834-1995
HB 167:
HB 327:
ISO/IEC 27005:
11. DEFINITIONS
Access: Obtaining knowledge or possession of information (including verbal, electronic
and hard-copy information) or other resources, or obtaining admittance to an area.
Australian Government Information Security Manual (ISM): The Defence Signals
Directorate's document suite that details controls and principles for information security
on ICT systems, as well as the relevant rationale. The ISM (previously known as ACSI 33)
comprises an Executive Companion, a Principles document and a Controls Manual.
Business continuity planning (BCP): The development, implementation and maintenance
of policies, frameworks and programs to assist agencies manage a business disruption, as
well as build agency
ICT Asset
Information
Information Asset
Information Systems
Secure Area
Effective Date:
Operational
Directive No:
3.0
02 Feb 2014
OD: 0506/14
16 December 2013
January 2016
Responsible Group:
Enquiries Contact
Version Notes
2006 Original Development
2007 General maintenance.
2013 General Maintenance and reformatting.
Printed Copies are Not Controlled