Unauthorized parties gain physical access to critical or sensitive information processing facilities due to inadequate physical security policies and standards.
The organization:
a. Employs [Assignment: organization-defined security controls] at alternate work sites;
b. Assesses as feasible, the effectiveness of security controls at alternate work sites; and
c. Provides a means for employees to communicate with information security personnel in case of security incidents or problems.
An alternative, offsite work site is available in the event of a natural disaster in the primary processing location.
No statewide control
Obtain physical and environmental protection policy; procedures addressing alternate work sites for organizational personnel; list of management, operational, and technical security controls required for alternate work sites; other relevant documents or records and ascertain if the organization employs appropriate management, operational, and technical information system security controls at alternate work sites.
