Loading and unloading areas and ISO 27001
Answer: ISO 27001 control A.11.1.6 (Delivery and loading areas Control) requires that access to loading & unloading areas, and to other similar areas with frequent presence of non-organization personnel, be controlled to prevent unauthorized access to the organization's premises. Recommendations from ISO 27002, a supporting standard to implement ISO 27001 controls, can be summarized as:
- isolate these areas from organization's main premises
- allow access to this area only to authorized and identified personnel
- design the facility so no delivery personnel need to access the organization's other premises
- only open internal doors when external doors are secured
- inspect all material delivered to avoid bringing insecure or tampered material into the organization's premises
- register all material delivered
- segregate incoming from outgoing shipments
2 - Second question, as under physical & environmental security we have equipment security, I want to understand: all IT assets are also equipment, right? So any physical device/asset is under that, right?
Answer: You can include IT assets under a Physical & environmental security policy / procedure, as well as other physical assets, such as electrical equipment (e.g., generators and UPSs, and ventilation and air conditioning machines) that are needed to ensure information security.
We've received this question:
>I am fully satisfied with the answer for loading & unloading area. I do understand what the standard says but how to make it from scratch? So just consider any office, and I have to make a new loading & unloading area.
Answer:
Once you already have the requirements for this new area, you have to assess your office to verify if you have any environment (e.g., a room or free area) available that can fulfill them (the most restrictive ones will be those related to an isolated environment and the existence of internal and external doors, because all others are related to actions and signalization).
If you do not currently have such an area available, you will have to build one (if this control is considered applicable). In this case you will have to pass these requirements to whoever is responsible for building this new area, so you can ensure it will fulfill control A.11.1.6.
Aug 20, 2018