Physical Security Policy
SOC 2 Criteria: CC6.4
ISO 27001 Annex A: A.11.1, A.11.2.1, A.11.2.2, A.11.2.3, A.11.2.5, A.11.2.6
Keywords: Facilities, Access Requirements, Asset Security
Purpose
The Physical Security Policy establishes requirements to ensure that Userflow’s information assets are protected by physical controls that prevent tampering, damage, theft or unauthorized physical access. This policy defines the following controls and acceptable practices:
- Definition of physical security perimeters and required controls
- Protection of equipment stored off-site
Scope
This policy applies to all Userflow physical facilities and users of information systems within Userflow, which typically include employees and contractors, as well as any external parties that have physical access to the company’s information systems. This policy must be made readily available to all users.
Roles and Responsibilities
The acting information security officer and team will facilitate and maintain this policy and ensure all employees have reviewed and read the policy.
Policy
General
- Physical access to Userflow facilities is restricted.
- All workforce members work remotely and must make sure their assets, such as laptops, are always properly secured.
Access Requirements
- Workstation Security
  - All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Control Policy.
  - All workstations purchased by Userflow are the property of Userflow and are distributed to personnel by the company.
Data Center Security
Physical security of data centers is ensured by Userflow’s cloud infrastructure service provider: Google Cloud Provider.