Physical Security Policy
Authoritative document
- Link to PDF or official URL: TBD
Ownership
| Field | Value |
|---|---|
| Owner | Takayuki KIKUCHI |
| Last reviewed | 2026-4-13 |
Purpose
To prevent unauthorized physical access or damage to the organization's information and information processing facilities.
Scope
All Rendering Consulting Inc offices and locations. This Policy applies to all employees of Rendering Consulting Inc, and to all external parties with physical access to Rendering Consulting Inc owned or leased facilities.
Physical security perimeter
Physical offices and processing facilities shall meet all local building codes for construction materials for walls, windows, doors, and access control mechanisms. Rendering Consulting Inc operates within a private, locked office located in a shared building. Access to the office floor is restricted by a building-managed card key system. No individual server rooms or wiring closets are maintained on-premises.
Physical entry controls
Secure areas shall be protected by appropriate entry controls to ensure that only authorized personnel are allowed access. Where possible, Rendering Consulting Inc access control systems shall be tied to a centralized system that provides granular access control for individual personnel. Access events shall be appropriately logged and reviewed as needed according to risk. Cameras and intrusion detection systems are provided by the building management in common areas. Rendering Consulting Inc's production data is hosted entirely on Microsoft Azure; no production data is processed or stored on-premises.
Securing offices, rooms & facilities
Physical security for offices, rooms and facilities shall be designed and applied to protect from theft, misuse, environmental threats, unauthorized access, and other threats to the confidentiality, integrity, and availability of classified data and systems.
Protecting against external & environmental threats
Physical protection against natural disasters, malicious attack or accidents shall be designed and applied. Secure areas shall be monitored through the use of appropriate controls, such as intrusion detection systems, alarms, and/or video surveillance systems, where feasible. Visitor and third-party access to secure areas shall be restricted to reduce the risk of information loss and theft. Fire suppression systems, emergency backup power, and other environmental controls for common areas are provided and maintained by the building management. Rendering Consulting Inc's production infrastructure is hosted by Microsoft Azure, whose physical and environmental security controls are reviewed through Microsoft Azure's SOC 2 and ISO 27001 attestation reports on at least an annual basis. Physical information system hardware and supporting infrastructure shall be regularly serviced and maintained in accordance with the manufacturer's recommendations.
Working in secure areas / visitor management
Visitors, delivery personnel, outside support technicians, and other external agents shall not be permitted access to secure areas without escort and/or appropriate oversight. Third-parties in secure areas shall sign in and out on a visitor log and shall be escorted or monitored by Rendering Consulting Inc personnel. Rendering Consulting Inc personnel observing unescorted visitors should approach the visitor, confirm their status, and ensure they return to approved areas, or report the observation to the responsible authority as needed. External party access to secure areas shall be confirmed with appropriate Rendering Consulting Inc personnel prior to being granted access. Rendering Consulting Inc personnel providing access to external parties into secure areas are responsible for ensuring that the third-party personnel adhere to all security requirements, and are accountable for all actions taken by outsiders they provide with access. Visitors may be allowed to work unescorted provided that the Rendering Consulting Inc sponsoring party can ensure that they will not have unauthorized access to Rendering Consulting Inc information systems, networks, or data.
Supplier, vendor, and third-party security
Suppliers, vendors, and third-parties shall comply with Rendering Consulting Inc physical security and environmental controls requirements. Rendering Consulting Inc shall assess the adequacy of third-party physical security controls as part of the vendor management process, in accordance with the Third-Party Management Policy.
Exceptions
Requests for an exception to this policy must be submitted to the CEO for approval.
Violations & enforcement
Any known violations of this policy should be reported to the CEO. Violations of this policy can result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.