A.12.1.1: Documented Operating Procedures
Document and maintain operating procedures for information processing facilities.
A.11.2.9: Clear Desk and Clear Screen Policy
Adopt a clear desk policy for papers and removable storage media and a clear screen policy for information processing facilities.
A.11.2.8: Unattended User Equipment
Develop and implement procedures to protect unattended user equipment.
A.11.2.7: Secure Disposal or Re-Use of Equipment
Ensure that equipment containing storage media is checked to verify that any sensitive data and licensed software has been removed or securely overwritten.
A.11.2.6: Security of Equipment and Assets Off-Premises
Ensure the security of equipment and assets used off-premises.
A.11.2.5: Removal of Assets
Implement policies and procedures to manage the removal of assets to ensure the protection of assets that leave the organization's premises.
A.11.2.4: Equipment Maintenance
Maintain equipment to ensure its continued availability and integrity.
A.11.2.3: Cabling Security
Protect power and telecommunications cabling to prevent interception or damage.
A.11.2.1: Equipment Siting and Protection
Site and protect equipment to reduce risks from environmental threats and hazards, and opportunities for unauthorized access.
A.11.1.6: Delivery and Loading Areas
Protect delivery and loading areas to ensure that they are controlled.
A.11.1.5: Working in Secure Areas
Design and apply procedures for working in secure areas.
A.11.1.4: Protecting Against External and Environmental Threats
Protect equipment from external and environmental threats.
A.11.1.3: Securing Offices, Rooms, and Facilities
Ensure that offices, rooms, and facilities are physically secure.
A.11.1.1: Physical Security Perimeter
Establish physical security perimeters to protect areas that contain information and information processing facilities.