Do we need to have any physical security in place?
Organisations should manage their physical security risks in accordance with their defined overall risk tolerance. To determine this, organisations need to understand the value of their assets, their location and the impact of compromise or loss, both of the assets themselves and any key buildings (particularly CNI sites). It is best practice to include these in an appropriate and regularly reviewed risk register.
CREST does not currently seek qualification that any physical security measures are in place and has determined that this is a decision that should be made by you and will not impact on your membership application.
Further background information on the various descriptions and options relating to physical security can be found within these FAQs under Organisation Security.