I bought the document Access Control Policy. It is OK, but physical security is almost not part of this document. The security area concept is necessary for ISO 27001. I tried to search for a document to use as a base for my concept, but I was not able to find one. In ISO 27002 it is defined to create such a concept with several areas (like Zone A, B or C) and to have a matrix which describes the restrictions in the areas. Maybe such a document can be added to your portfolio.
Answer:
Thanks for your suggestions, but keep in mind that these are different things: A.9 Access control and A.11 Physical and environmental security. The document Access Control Policy is only for A.9 Access control, and for A.11 Physical and environmental security it is not mandatory to have a document (see this list of mandatory and non-mandatory documents, List of mandatory documents required by ISO 27001 (2013 revision): https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/). Anyway, related to security areas, you can find in the standard the control A.11.1.5 Working in secure areas, and we have a template for this, Procedures for Working in Secure Areas: https://advisera.com/27001academy/documentation/procedures-for-working-in-secure-areas/ I hope that it can help you with your concept.
Finally, this article can also be interesting for you: "Physical security in ISO 27001: How to protect the secure areas": https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
Jan 12, 2016