Download: PHYSEC1 Guidance (PDF, 1.3 MB)
Date of first approval: 20 April 2020
Date of review: 26 October 2022
Next review date: December 2024
Purpose
Agencies have a responsibility to ensure their people, information, and assets (resources) are protected from harm, including compromise. This policy ensures agencies take the necessary steps to minimise physical security risks to an agency’s resources, while also ensuring agencies incorporate protective security requirements into the planning, selection, design, and modification of their facilities.
Core Requirement
Implement physical security measures that minimise the risk of harm or compromise to people, information and physical assets
Supporting Requirements
To ensure physical security measures minimise the risk of harm or compromise to people, information and physical assets, agencies [1] must:
- identify and categorise the agency’s resources that require a level of physical protection
- incorporate protective security in the process of planning, selecting, designing and modifying agency facilities
- implement physical security measures proportionate to the assessed business impact of harm or compromise to agency resources, including:
a. zoning all work areas
b. applying all required individual control elements
c. ICT equipment and facilities
- certify and accredit all security zones
a. ensuring areas where sensitive or security classified information is used, transmitted, stored or discussed are certified in accordance with the applicable ASIO Technical Notes [2]
- dispose of physical assets securely
- manage security risks associated with working away from the office
[1] This policy applies to all South Australian public sector agencies (as defined in section 3(1) of the Public Sector Act 2009) and to any other person or organisation that is generally subject to the direction of a Minister of the Crown; all of which are referred to in this policy as “Agencies”.
[2] ASIO Technical Notes are available via GovTeams. Users will be required to register and request access to the Protective Security Policy community.
Resources
- PHYSEC1 Guidance
- Annex A Table 1: Security zone descriptions and personnel security clearance requirements
- Annex A Table 2: Physical protections for security zones
- Annex A Table 3: Business Impact Levels Commercial safes and vault
- Annex A Table 4: Physical security for security zones
- Annex A Table 5: Business impact levels - storage requirements for electronic information in ICT facilities
- Annex A Table 6: Summary of control measures and certification authority
- Annex B Figures: Indicative layering of security zones
- Security Construction and Equipment Committee