We are reviewing our organization's overall physical security (e.g. policies, procedures, org structure, technology, and other controls) for potential improvement, and we have a few questions that we would like to pose to the group:
Has your organization had a physical security assessment by a third party?
If so (and if you believe that assessment was beneficial), would you mind sharing your general recommendation/leading practice implementations and contact information for the third party assessor?
Whether or not you’ve had an assessment, are there any particular physical security aspects of your organization that work well that you are willing to recommend (i.e. those you may consider ‘leading practices’)?
We appreciate any feedback (if your feedback is too sensitive for posting, we'd be happy to discuss via email or setup a call, virtual meeting, etc.).
Edward Skinner, MBA, CISA, CISSP, GSNA, GCCC, Security+
Senior IT Internal Auditor – Office of Internal Audit