Agencies have a responsibility to ensure their people, information and assets (resources) are protected from harm, including compromise. This policy ensures agencies take the necessary steps to minimise physical security risks to an agency’s resources, while also ensuring agencies incorporate protective security requirements into the planning, selection, design and modification of their facilities.
Core requirement 13
Implement physical security measures that minimise the risk of harm or compromise to people, information and physical assets
To ensure physical security measures minimise the risk of harm or compromise to people, information and physical assets, agencies* must:
- identify and categorise the agency’s resources that require a level of physical protection
- incorporate protective security in the process of planning, selecting, designing and modifying agency facilities
- implement physical security measures proportionate to the assessed business impact of harm or compromise to agency resources, including:
- zoning all work areas
- applying all required individual control elements
- ICT equipment and facilities
- certify and accredit all security zones
- ensuring areas where sensitive or security classified information is used, transmitted, stored or discussed are certified in accordance with the applicable ASIO Technical Notes**
- dispose of physical assets securely
- manage security risks associated with working away from the office.
*This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.
**ASIO Technical Notes are available via GovTeams. Users will be required to register and request access to the Protective Security Policy community.