Medzy Trust Center

Below is a list of all related controls for this domain. A status of green means compliant, yellow means partially compliant, and red means non-compliant.

Delivery and Removal Management

The organization has implemented a management process for tracking the delivery and removal of assets entering or leaving the premises. This process encompasses procedures for receiving and inspecting assets upon arrival, ensuring their security, and documenting their removal. The goal of this process is to prevent unauthorized access, removal, or loss of assets, while maintaining accurate records of all assets owned by the organization.

Equipment and Utility Protection

Safeguards are established to protect critical equipment and utilities from physical and logical threats that could compromise their availability, reliability, and integrity. These safeguards may include physical security measures like access restrictions, surveillance systems, and environmental controls. The aim is to prevent damage, theft, unauthorized access, or misuse of equipment and utilities and to ensure their continued functionality to support organizational operations.

Media Security

The organization has implemented physical media security measures to protect data stored on physical devices, including laptops, hard drives, USB drives, CDs, DVDs, and backup tapes. These measures help prevent unauthorized access, tampering, theft, or loss of sensitive information, ensuring the confidentiality and integrity of the organization’s data.

Physical Access Monitoring

The organization monitors physical access to its facilities to prevent unauthorized entry and suspicious activity. Physical access logs are maintained to track the movement of people and assets within the organization’s facilities. Access controls are implemented to ensure that only authorized personnel are granted access to the facilities.

Physical Access Restriction and Monitoring

The organization has implemented physical access restrictions and monitoring measures to limit and monitor access to sensitive or critical areas of its facilities. This control aims to prevent unauthorized individuals from accessing areas where sensitive information or equipment is stored, such as data centers and server rooms. Physical access is restricted through the use of physical barriers, such as locks, security doors, and biometric access controls, while monitoring is performed via security cameras, access logs, and security personnel. The objective is to minimize the risk of physical security breaches and protect against theft, damage, or loss of assets.

Physical Security Policy

The organization has established a physical security policy that outlines the expectations for protecting the organization’s physical environment, including assets and personnel. Physical security aims to safeguard personnel, prevent unauthorized access, ensure data integrity, and maintain the availability of systems and data. As a critical component of an organization’s overall security strategy, this policy sets forth processes and guidelines for securing utilities, managing physical access, and protecting individuals on the premises.

System Maintenance

System maintenance is conducted regularly to prevent unplanned downtime and minimize the need for reactive maintenance. This includes inspections, testing, cleaning, and repair activities, as well as documentation of maintenance and tracking of performance. Employees are regularly trained on their roles and responsibilities in the maintenance program.