Impro Trust Center

Below is a list of all related controls for this domain. A status of green means compliant, yellow means partially compliant, and red means non-compliant.

Delivery and Removal Management

The organization has implemented a management process for tracking the delivery and removal of assets entering or leaving the premises. This process encompasses procedures for receiving and inspecting assets upon arrival, ensuring their security, and documenting their removal.

Equipment and Utility Protection

Safeguards are established to protect critical equipment and utilities from physical and logical threats that could compromise their availability, reliability, and integrity. These safeguards may include physical security measures like access restrictions, surveillance systems, and environmental controls. The aim is to prevent damage, theft, unauthorized access, or misuse of equipment and utilities and to ensure their continued functionality to support organizational operations.

Guest Network Security

Guest networks are established as a separate network or segment to provide secure and convenient internet access to guests, visitors, or non-employee users while keeping them isolated from the organization’s internal network. The guest network is configured with its own security baseline, including authentication and access control requirements to ensure that only authorized users can access the internet without any internal resources. This helps prevent potential threats from external sources and ensures the security of organizational resources.

Media Security

The organization has implemented physical media security measures to protect data stored on physical devices, including laptops, hard drives, USB drives, CDs, DVDs, and backup tapes. These measures help prevent unauthorized access, tampering, theft, or loss of sensitive information, ensuring the confidentiality and integrity of the organization’s data.

Physical Access Monitoring

The organization monitors physical access to its facilities to prevent unauthorized entry and suspicious activity. Physical access logs are maintained to track the movement of people and assets within the organization’s facilities. Access controls are implemented to ensure that only authorized personnel are granted access to the facilities.

Physical Access Restriction and Monitoring

The organization has implemented physical access restrictions and monitoring measures to limit and monitor access to sensitive or critical areas of its facilities.

Physical Security Policy

The organization has established a physical security policy that outlines the expectations for protecting the organization’s physical environment, including assets and personnel. Physical security aims to safeguard personnel, prevent unauthorized access, ensure data integrity, and maintain the availability of systems and data.

System Maintenance

System maintenance is conducted regularly to prevent unplanned downtime and minimize the need for reactive maintenance. This includes inspections, testing, cleaning, and repair activities, as well as documentation of maintenance and tracking of performance. Employees are regularly trained on their roles and responsibilities in the maintenance program.

Wireless Network (WiFi) Security

Wireless network security measures are implemented to protect against unauthorized access, misuse, and attacks on the network. These measures include authentication protocols, encryption techniques, access controls, and network monitoring tools to safeguard sensitive data transmitted over wireless networks. The objective is to ensure the confidentiality, integrity, and availability of wireless network resources and prevent security incidents, unauthorized access, and data breaches.