ISO/IEC 27001 Control 7.4: Physical security monitoring
Control
Premises should be continuously monitored for unauthorized physical access.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint can control access to surveillance and alarm systems.
Implementation Details
Provisioning capabilities of midPoint, together with role-based access control (RBAC) policies can be used to grant access to monitoring and alarms systems to appropriate personel. Even more importantly, the same mechanisms can be used to revoke the access when it is no longer appropriate. MidPoint policies can be used to make sure only minimal necessary set of people can access to video surveillance, minimizing privacy risks. E.g. midPoint can be set up in such a way that only a small surveillance staff has permanent access to video surveillance, granting temporary access to more people (incident responders, investigators) only in case of security event. Such access is automatically revoked when security event handling is finished.
Rationale
This control is mostly about physical security, which is out of reach of midPoint. However, midPoint can provide access control capabilities for physical security, surveillance and alarm systems.