What are the Physical Security Controls in ISO 27001?

For many organizations, COVID-19 has meant a halt to on-premise operations and the introduction of broad work-from-home policies.

Sure, that pivot has been key to business survival. But it does carry serious risk, including a greater opportunity for physical security incidents from less oversight. How can that risk be mitigated with a remote, fragmented staff? The best-practice security standard ISO 27001 offers some clues.

So, where do physical security controls factor into the international standard ISO 27001, which deals largely with information assets? Well, as the standard lays out, information assets exist in physical space, leaving them vulnerable despite even the most robust cyber security measures.

And that’s exactly why ISO 27001 dedicates discussion to physical and environmental security control objectives and controls. The standard’s main takeaway: plan ahead.

Indeed, the practices outlined in the physical and environmental security control clauses follow the same logic and framework as those that deal with digital information: the higher the value and risk, the higher the level of protection. Of course, information assets are under increased risk on the cyber front as well, so Security teams must be extra vigilant.

What’s the solution? ISO 27001 offers up physical security requirements that fall into two broad categories: secure areas and equipment security. Secure areas are sites where organizations handle sensitive information or shelter valuable IT equipment and personnel to achieve important business objectives. The secure areas provisions deal with protecting the physical environment in which assets are housed, in other words, buildings, offices, etc.

Here, the standard instructs certifying organizations to look at risks relating to physical access to those assets. Organizations must then put controls in place, where appropriate, to manage (limit or simply control) physical access to those assets – especially now that those facilities might be vacated or guarded by skeleton crews.

The ISO 27001 protocols for equipment security follow the same logic. Essentially, they instruct organizations to consider where equipment is housed and whether it’s housed appropriately (or liable to be housed appropriately). That puts the onus on security managers to ask the following:

  • Is important IT equipment vulnerable?
  • Who’s responsible for maintaining equipment? Are they qualified?
  • What provisions are in place for equipment that leaves the premises?

The full list of ISO 27001 physical security controls follows:

Secure Areas

| Type | Control |
| --- | --- |
| Physical Security Perimeter | Security perimeters (barriers such as walls, card-controlled entry gates or manned reception desks) shall be used to protect areas that contain information and information processing facilities. |
| Physical Entry Controls | Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access. |
| Securing Offices, Rooms, and Facilities | Physical security for offices, rooms, and facilities shall be designed and applied. |
| Protecting Against External and Environmental Threats | Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster shall be designed and applied. |
| Working in Secure Areas | Physical protection and guidelines for working in secure areas shall be designed and applied. |
| Public Access, Delivery, and Loading Areas | Access points such as delivery and loading areas and other points where unauthorized persons may enter the premises shall be controlled and, if possible, isolated from information processing facilities to avoid unauthorized access. |

Equipment Security

| Type | Control |
| --- | --- |
| Equipment Siting and Protection | Equipment shall be sited or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access. |
| Supporting Utilities | Equipment shall be protected from power failures and other disruptions caused by failures in supporting utilities. |
| Cabling Security | Power and telecommunications cabling carrying data or supporting information services shall be protected from interception or damage. |
| Equipment Maintenance | Equipment shall be correctly maintained to ensure its continued availability and integrity. |
| Removal of Assets | Equipment, information, or software shall not be taken off-site without prior authorization. |
| Security of Equipment Off-Premises | Security shall be applied to off-site equipment taking into account the different risks of working outside the organization’s premises. |
| Secure Disposal or Re-Use of Equipment | All items of equipment containing storage media shall be checked to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal. |
| Unattended User Equipment | Users shall ensure that unattended equipment has appropriate protection. |
| Clear Desk and Clear Screen Policy | A clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities shall be adopted. |

Finally, Security teams working in tandem with COVID-19 response teams must add mandatory evacuations (from public health crises) to the list of external and environmental threats against which valuable security assets must be protected, so as to prevent loss, damage, theft, and/or compromise that would imperil business continuity.
