
Establish, implement, and maintain work environment requirements.


CONTROL ID: 06613
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an environmental control program., CC ID: 00724

This Control has the following implementation support Control(s):
  • Apply noise-prevention devices to organizational assets, as necessary., CC ID: 16141
  • Establish, implement, and maintain system cleanliness requirements., CC ID: 06614


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Equipment installed in a power supply room or air-conditioner room should be arranged with the specified separation distances in accordance with relevant laws and regulations. (F53.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • To facilitate the maintenance and management and prevent possible expansion of any failure arising in a power supply room and air-conditioner room, it is recommended that power rooms and air-conditioner rooms be dedicated and independent from other rooms. (F54.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • The organization should use traditional analog telephones in shared areas and in the lobby. (Control: 1015, Australian Government Information Security Manual: Controls)
  • The Business Continuity Management team should maintain a central inventory for each individual business environment, which includes Business Continuity plans. (CF.20.02.06b, The Standard of Good Practice for Information Security)
  • The Business Continuity Management team should maintain a central inventory for each individual business environment, which includes Business Continuity plans. (CF.20.02.06b, The Standard of Good Practice for Information Security, 2013)
  • Policies and procedures shall be established, and supporting business processes implemented, for maintaining a safe and secure working environment in offices, rooms, facilities, and secure areas. (DCS-06, Cloud Controls Matrix, v3.0)
  • Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually. (DCS-03, Cloud Controls Matrix, v4.0)
  • The organization shall implement the following requirements for managing the work environment: establish requirements for cleanliness, health, and clothing, if contact between the product or work environment and the personnel could adversely affect quality; establish requirements for the work enviro… (§ 6.4, ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes, 2003)
  • the ability to remove themselves from work situations that they consider present an imminent and serious danger to their life or health, as well as the arrangements for protecting them from undue consequences for doing so. (§ 7.3 ¶ 1 f), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • use engineering controls and reorganization of work; (§ 8.1.2 ¶ 1 c), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • Standard: Workstation use. Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access electronic protec… (§ 164.310(b), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Policy and regulations regarding the physical operating environment for organizational assets are met. (PR.IP-5, Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0)