
SO-06 Periodic Review of Physical Access

>Control Description

Organization performs physical account and access reviews on a quarterly basis; corrective action is taken where applicable.

Theme

Process

Type

Detective

Policy/Standard

Physical and Environmental Security Policy

>Implementation Guidance

1. Design and document a process for physical access review, including its frequency.
2. Ensure the access review is performed at the defined frequency and that necessary action is taken, if required.

>Testing Procedure

1. Inspect Organization's Physical Access Policy to determine whether requirements for physical access review are defined.
2. Inspect quarterly physical access review documentation for a sample of quarters and a sample of Organization-owned data rooms to determine whether the access review is completed, and corrective actions are documented and resolved for any access that should be revoked.

>Audit Artifacts

E-SO-08
E-SO-11
E-SO-12

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
