This article provides an overview of the SOX 404 control Manage IT Physical Space.
The typical SOX 404 IT controls for Manage IT Physical Space are as follows.
Physical Access
Description: A documented process exists for physical access to the computer facilities.
Control Objective: Physical access to computer facilities by all persons should be justified, authorised, logged and monitored.
Typical Evidence:
- There is a documented process in place for granting access to the computer facilities.
- The document lists who can grant access.
- The process details the request and approval process.
- There is a documented access removal process for the computer facilities.
- The process documents how and by when access should be removed.
- There is a documented process in place to review access appropriateness regularly.
Physical Security Features
Description: Physical security features are in place to restrict access to only approved persons.
Control Objective: Physical access to computer facilities by all persons should be justified, authorised, logged and monitored.
Typical Evidence:
- The physical security for the building is documented.
- The physical security for the computer technology within the building is documented.
For more information, please contact Morland-Austin at info@morland-austin.com.