The entity restricts physical access to facilities and protected information assets to authorized personnel to meet the entity’s objectives
Processes are in place to create or modify physical access to facilities such as data centers, office spaces, and work areas, based on authorization from the system’s asset owner
Processes are in place to remove access to physical resources when an individual no longer requires access
Processes are in place to periodically review physical access to ensure consistency with job responsibilities.