The purpose of this Physical Access Policy is to establish the rules of granting, controlling, monitoring, and removing physical access to Encore’s facilities, property and equipment.
The Physical Access Policy applies to all individuals that have been granted access to Encore’s facilities, property, and equipment that stores the critical data and physical systems. The physical security perimeter encompasses all areas accessible through the main gate entry.
Encore resources must be physically protected in proportion to the criticality, sensitivity, or business importance of their function(s).
Security Access System
● Personnel, including full- and part-time staff, contractors, and vendor service staff, should be granted access only to facilities and systems necessary to fulfill their job responsibilities.
● Requests for access, removal, modification must come from and include sign-off from the office manager and submitted to the Service Desk. Tickets are utilized to track the granting, removal, and modification of access.
● The process for granting physical access to the room containing the networking equipment must include approval from the IT Director.
● Access to the room containing the networking equipment must be recorded in a log for traceability by the Office Manager or designated office representative at the time of entry.
● The Service Desk must remove card and/or key access rights of individuals that leave or change roles within Encore.
● Visitors who have not been granted special access privileges must at all times be escorted and monitored in access-controlled areas at Encore facilities.
Protection of physical access cards and keys
● Personnel must not share or transfer access cards and/or keys to other individuals within or external to Encore including “piggybacking” i.e. allowing fellow employees or other individuals to follow into an access-controlled area without appropriate permissions.
● Access cards and/or keys that are no longer needed must be returned to their manager. Cards must not be transferred or reallocated to another individual, bypassing the return process.
● Lost or stolen access cards and/or keys must be reported to the Server Desk.
● A service charge may be assessed for access cards and/or keys that are lost, stolen, or not returned.
Visitor Access Process
● Visitors must be escorted by a Encore employee at all times.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.