- Does your staff wear ID badges?
- Is a current picture part of the ID badge?
- Are authorized access levels and type (employee, contractor, visitor) identified on the badge?
- Do you check the credentials of external contractors?
- Do you have policies addressing background checks for employees and contractors?
- Do you have a process for effectively cutting off access to facilities and information systems when an employee/contractor terminates employment?
- Do you have policies and procedures that address allowing authorized and limiting unauthorized physical access to electronic information systems and the facilities in which they are housed?
- Do your policies and procedures specify the methods used to control physical access to your secure areas, such as door locks, access control systems, security officers, or video monitoring?
- Is access to your computing area controlled (single point, reception or security desk, sign-in/sign-out log, temporary/visitor badges)?
- Are visitors escorted into and out of controlled areas?
- Are your PCs inaccessible to unauthorized users (e.g., located away from public areas)?
- Are your computing area and equipment physically secured?
- Are there procedures in place to prevent computers from being left in a logged-on state, however briefly?
- Are screens automatically locked after 10 minutes idle?
- Are modems set to Auto-Answer OFF (not to accept incoming calls)?
- Do you have procedures for protecting data during equipment repairs?
- Do you ...