ISO 27001:2022 Annex A 7.2 Physical entry

In this guide, I will show you exactly how to implement ISO 27001 Annex A 7.2 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy.

I am Stuart Barker, an ISO 27001 Lead Auditor with over 30 years of experience conducting hundreds of audits. I will cut through the jargon to show you exactly what changed in the 2022 update and provide you with plain-English advice to get you certified.

Key Takeaways: ISO 27001 Annex A 7.2 Physical Entry

ISO 27001 Annex A 7.2 requires organizations to secure entry points to buildings and facilities to ensure only authorized personnel have access. While Annex A 7.1 establishes the “boundary,” this control focuses on the management of people crossing that boundary. The goal is to prevent unauthorized physical access that could lead to the theft or compromise of information assets.

Core requirements for compliance include:

Authentication of Entry: All entry points (doors, gates, loading bays) must be secured. Access should be verified using technical controls such as RFID badge readers, biometric scanners, or traditional physical keys.
Visitor Management: You must have a formal process for handling guests. This includes authenticating their identity (ID checks), issuing temporary badges, and ensuring they are escorted by a host at all times.
Access Logs: Every entry and exit should be recorded. This can be a digital log from an access control system or a physical visitor sign-in book. These logs must be periodically reviewed for anomalies.
Delivery & Loading Zones: High-risk entry points like loading docks must be isolated from internal IT facilities and restricted to authorized delivery personnel only.
Tailgating Prevention: You must implement measures to prevent “tailgating” (someone following an authorized person through a door). This can be technical (turnstiles) or behavioral (staff training and awareness).

Audit Focus: Auditors will look for “The Entry Audit Trail”:

The Badge Test: An auditor may try to walk through a door behind an employee to see if they are challenged.
Visitor Records: “Show me the visitor log for last Tuesday. Did the visitor return their badge and sign out?”
The “Forgot My Pass” Protocol: “What happens if an employee forgets their badge? Show me the secondary verification process.”

Visitor Entry Checklist (Audit Cheat Sheet):

Workflow Step	Required Security Action	ISO 27001 Audit Evidence	ISO 27001:2022 Control
Arrival	Verify visitor identity.	Government Photo ID check.	7.2 (Physical Entry)
Sign-In	Record name, host, and time.	Digital Logbook or Sign-in Sheet.	7.2 (Physical Entry)
Badge Issue	Provide visible identification.	Colour-coded “Visitor” lanyard.	7.6 (Secure Areas)
Escort	Handover to employee host.	Host must collect from Reception.	7.6 (Working in Secure Areas)
Departure	Retrieve badge & sign-out.	Timestamped exit record.	7.2 (Physical Entry)

What is ISO 27001 Annex A 7.2?
ISO 27001 Annex A 7.2 Free Training Video
ISO 27001 Annex A 7.2 Explainer Video
ISO 27001 Annex A 7.2 Podcast
ISO 27001 Annex A 7.2 Implementation Guidance
How to implement ISO 27001 Annex A 7.2
Visitor Entry Checklist
ISO 27001 Physical Entry Template
How to pass the ISO 27001 Annex A 7.2 audit
What the auditor will check
Top 3 ISO 27001 Annex A 7.2 mistakes and how to avoid them
Applicability of ISO 27001 Annex A 7.2 across different business models.
Fast Track ISO 27001 Annex A 7.2 Compliance with the ISO 27001 Toolkit
ISO 27001 Annex A 7.2 FAQ
Related ISO 27001 Controls
Further Reading
ISO 27001 Annex A 7.2 Attribute Table

What is ISO 27001 Annex A 7.2?

The focus for this ISO 27001 Control is about protecting secure areas with access controls and entry points. As one of the ISO 27001 controls this is about keeping unauthorised people out of secure areas.

ISO 27001 Annex A 7.2 Physical Entry is an ISO 27001 control that requires an organisation to protect secure areas with access points and entry controls.

ISO 27001 Annex A 7.2 Purpose

ISO 27001 Annex A 7.2 is a preventive control to ensure only authorised physical access to the organisations information and other associated assets occurs.

ISO 27001 Annex A 7.2 Definition

ISO 27001 defines ISO 27001 Physical Entry as:

Secure areas should be protected by appropriate entry controls and access points.
ISO 27001:2022 Annex A 7.2 Physical Entry

ISO 27001 Annex A 7.2 Free Training Video

In the video ISO 27001 Physical Entry Controls Explained – ISO27001:2022 Annex A 7.2 I show you how to implement it and how to pass the audit.

ISO 27001 Annex A 7.2 Explainer Video

In this beginner’s guide to ISO 27001 Annex A 7.2 Physical Entry, ISO 27001 Lead Auditor Stuart Barker and his team talk you through what it is, how to implement in and how to pass the audit. Free ISO 27001 training.

ISO 27001 Annex A 7.2 Podcast

In this episode: Lead Auditor Stuart Barker and team do a deep dive into the ISO 27001 Annex A 7.2 Physical Entry. The podcast explores what it is, why it is important and the path to compliance.

ISO 27001 Annex A 7.2 Implementation Guidance

General Guidance

You are going to have to

consult a legal professional to ensure you operate within the law and regulation
only allow people you authorise into buildings, sites and physical locations
implement a process to manage access
review access on a regular basis
keep a log of access

ISO 27001 Physical Entry Checklist

There are considerations that may be appropriate

consider a reception area that is monitored
consider, if appropriate, searching people
take into account shared access with other organisations
have identification for staff and visitors
secure entry points such emergency access in a way that is legal and safe
the possibility of different technologies such as bio metrics
having a process for the management of physical keys

The implementation of physical entry is in the context of the physical security perimeter where you can find guidance in the Ultimate guide to ISO 27001 Annex A 7.1 Physical Security Perimeter.

Health and Safety

Your number one priority is to meet the requirements of law and regulation. Be sure to engage with a legal professional to understand what you can and cannot do and to check that you are not breaking any laws. The most significant laws are those around health and safety as the protection of human life and wellbeing is always our number priority. There are common things that should be considered such as entry point doors that fail open. Whilst we want to protect buildings and information our absolute priority is to protect people.

Define your access control requirements

Start by understanding your risk and doing a risk assessment. For guidance on how, read The Complete Guide to ISO 27001 Risk Assessment. This is going to be based on the needs of the business and the risks that you are managing. As a starting point there are basics such as having locks on doors but you can asses the strength of those locks and if other additional controls such as bio metrics or gates are required. Do what is right for you. Consider the environment around the location and the threats that may be posed and be sensible in addressing them.

Implement the access process

You will define, write, sign off and implement the access process based on risk and need. The process will take into account how you grant access, how you change access, how you revoke access and how you review access.

The review of access will be done regularly and you will set what is meant by regularly. A good rule of thumb would be monthly but there are many factors that influence how often you perform reviews. Those factors include:

how fast the personnel changes
the sensitivity of the site being accessed
the risk to business
the needs of business
past information security events

Your access process will include keeping, and keeping securely, a log of visitors. Some people use a log book, or digital records. Take into account here data protection laws and the length of time that you keep the information.

Topic specific physical and environmental security policy

To communicate to people what you do and what is expected you are going to write, sign off, implement and communicate your topic specific Physical and Environmental Security Policy.

Reception Areas

The standard is not saying that you must have a reception but that it can be considered. Be sensible when assessing this. If is appropriate then you can implement. It is not a requirement to have personnel to be deployed on reception but having it monitored by personnel would make sense. This could be done remotely rather than having someone sat there full time.

Visitors

The guidelines to review and consider for visitors

how to authenticate the identity of visitors
recording when people go in and out
supervising visitors or giving them explicit permission to roam alone

Visitor Badges

A great physical control is the use of identification for staff and visitors. A visitor badge or way that a visitor can be identified can quickly identify is someone is somewhere they should not be. Proportionate to your organisation.

Alarms and Monitors

When looking at alarms and monitors you are looking at a preventive control to alert you when something has occurred. We all know what alarms are and getting alarms fitted is a very good idea. You want to define your response process and make sure that contacts of who is informed is up to date. Who is getting that call at 2am in the morning and what are they going to do when they get it?

Physical Keys

If you have and need physical keys then you will need a process to manage them. Ensuring that they are allocated to the correct people and you account for if those people are not available or leave. This also applies to other required authentication tokens and passcodes such as combination locks. Some way to perform and annual audit and the use of a log book or similar.

CCTV

You can consider the use of CCTV but be aware that comes with some additional overheads with laws on data protection and the likes of GDPR. You should seek some legal advice before installing CCTV and be sure to do it in a way that is compliant if it is something that you do want to do. There are considerations such as how, how long, where, in what format you store the recordings. Then how do you get access to it, who can get access to it and how do you destroy it. It is not as simple as just banging up a Ring camera.

Secure Areas

The standard gives the guidance that a secure area can be an office that is locked or some internal area that has an internal security barrier. It takes into account that your physical locations maybe internal sub divided based on protection requirements. Usually this is implemented when you have a file room, an archive room, or a room where you store old IT equipment. On premises data centres and data rooms fall into this category as well but in this day and age they are few and far between with most people adopting a cloud based strategy.

How to implement ISO 27001 Annex A 7.2

Implementing ISO 27001 Annex A 7.2 requires a multi-layered approach to ensure that only authorised personnel, contractors, and visitors gain access to organisational facilities. By combining physical barriers with technical authentication and rigorous logging, organisations can mitigate the risks of unauthorised entry, tailgating, and physical data breaches.

1. Formalise a Physical Access Policy and Risk Assessment

Conduct a comprehensive survey of the facility to identify all potential entry points and define the security requirements for each zone based on asset sensitivity.

Identify all external perimeters, including main entrances, fire exits, loading bays, and roof access points.
Define specific IAM (Identity and Access Management) roles for physical spaces, ensuring the principle of least privilege is applied.
Establish a Physical Security Risk Assessment to determine where high-security controls, such as biometrics or MFA, are required.
Formalise the authorisation process for granting, changing, and withdrawing physical access rights.

2. Provision Physical Access Control Systems (PACS)

Deploy technical hardware and software to enforce entry restrictions and generate a verifiable audit trail of all movements.

Install electronic locks, turnstiles, or speed gates at all primary entry and exit points.
Utilise encrypted RFID fobs, smart cards, or biometric readers to prevent credential cloning.
Implement Multi-Factor Authentication (MFA) for entry into high-criticality areas such as data centres or communications rooms.
Ensure all entry events are logged in a centralised database with AES-256 encryption at rest.

3. Implement a Digital Visitor Management System

Replace manual sign-in sheets with a digital solution to maintain accurate Register of Entrants (ROE) documents and enhance visitor privacy.

Capture the name, organisation, host, and business purpose for every non-staff entrant.
Issue visually distinct temporary ID badges that clearly display an expiry date or time.
Mandate that all visitors sign a non-disclosure agreement (NDA) or code of conduct prior to being granted entry.
Configure the system to notify hosts automatically upon the arrival of their guests.

4. Execute Continuous Surveillance and Alarm Integration

Integrate detective controls to monitor entry points in real-time and alert security personnel to anomalous activities or breaches.

Deploy high-definition CCTV coverage at all entry and exit points with motion-triggered recording.
Provision an Intrusion Detection System (IDS) that is linked to a 24/7 monitoring station or alarm receiving centre.
Ensure all fire exits are fitted with local alarms to prevent unauthorised use as entry points.
Configure automated health alerts to detect hardware failures in the monitoring system immediately.

5. Revoke Access Rights and Conduct Regular Log Audits

Establish a rigorous review cycle to ensure that physical access remains aligned with current organisational roles and security requirements.

Formalise a process to revoke physical access immediately upon the termination of employment or contract.
Conduct monthly audits of physical access logs to identify patterns of unauthorised attempts or out-of-hours entry.
Perform periodic site walk-throughs to verify that doors are not being propped open and that tailgating is being prevented.
Maintain all audit records and ROE documents as evidence for the annual ISMS certification audit.

Visitor Entry Checklist

Step	Action	Responsibility
1. Arrival	Visitor signs into the Digital Logbook (Time In).	Reception
2. ID Check	Verify photo ID (Driver’s License / Passport).	Reception
3. Badge Issue	Issue “Visitor” lanyard (red/orange).	Reception
4. Escort	Host collects visitor (Never leave unescorted).	Host Employee
5. Departure	Return badge & Sign out (Time Out).	Reception

ISO 27001 Physical Entry Template

For ISO 27001 Annex A 7.2 Physical Entry you need a topic specific Physical and Environmental Security Policy Template.

ISO 27001 Physical and Environmental Security Policy - ISO 27001 Annex A 7.2 Template — ISO 27001 Physical and Environmental Security Policy Template

How to pass the ISO 27001 Annex A 7.2 audit

To comply with ISO 27001 Annex A 7.2 you are going to:

Define your physical access requirements
Define your internal sub zone physical perimeter requirements
Consult with a legal professional to ensure you are meeting legal and regulatory requirements
Implement your physical security access
Write, sign off, implement and communicate your topic specific Physical and Environmental Security Policy
Write, sign off, implement and communicate your perimeter incident response procedures
Implement a process of internal audit that checks that the appropriate controls are in place and effective and where they are not follow the continual improvement process to address the risks

What the auditor will check

The audit is going to check a number of areas of ISO 27001 Annex A 7.2. Lets go through them

1. That you have a physical entry control

One of the easier things for an auditor to check is the physical entry controls as it is usually the first thing they will encounter when they come to audit you if you have a physical location. For all the physical locations in scope they are going to visit and check.

2. The strength of the physical security access

They have been doing this a long time and done many audits so they know what to look for. They will test the controls and see what happens. They will try to open doors, open cupboards, gain access to areas they should not.

3. Documentation

They are going to look at audit trails and all your documentation. They will look at appropriate access reviews, logs of monitors and reports, incidents and how you managed them.

Top 3 ISO 27001 Annex A 7.2 mistakes and how to avoid them

The top 3 mistakes people make for ISO 27001 Annex A 7.2 Physical Entry are

1. Your physical security perimeter is turned off

What do I mean by turned off? In simple terms it means that you have a lockable door that should be locked and it not locked. You have a fire door that should be closed and locked but you have propped it open because it is a hot day.

2. One or more members of your team haven’t done what they should have done

Prior to the audit check that all members of the team have done what they should have. Have access reviews taken place? Who gets informed about about the alarm and do they still work here?

3. Your document and version control is wrong

Keeping your document version control up to date, making sure that version numbers match where used, having a review evidenced in the last 12 months, having documents that have no comments in are all good practices.

Applicability of ISO 27001 Annex A 7.2 across different business models.

Business Type	Applicability	Examples of Control Implementation
Small Businesses	Highly applicable for businesses with a physical office or small retail space. The focus is on basic deterrents and simple visitor management to prevent unauthorized people from wandering into staff areas.	Installing a doorbell with a camera (e.g., Ring) to screen visitors before remotely unlocking the main office door. Maintaining a physical visitor sign-in book at the reception desk to log the name, host, and time of entry for all guests. Ensuring that the back office or storage room is always locked and requires a physical key held only by designated staff.
Tech Startups	Critical for startups with physical labs or co-working spaces where high-value prototypes or servers are kept. Compliance involves using technical entry controls and enforcing strict guest escorting rules.	Using an electronic access control system (e.g., Kisi or Brivo) that requires a smartphone app or RFID fob to enter the development area. Issuing color-coded “Visitor” lanyards to all guests and ensuring they are escorted by an employee at all times. Configuring the entry system to automatically revoke access for contractors or temporary staff at the end of their contract.
AI Companies	Vital for protecting specialized GPU clusters and proprietary research environments. Focus is on high-security entry points and multi-factor physical authentication to prevent sophisticated physical breaches.	Implementing biometric scanners (e.g., fingerprint or facial recognition) at the entrance to high-performance computing (HPC) zones. Installing full-height turnstiles or “mantraps” at primary entry points to technically prevent tailgating by unauthorized persons. Using digital visitor management kiosks that automatically verify government photo ID before printing a time-limited guest pass.

Fast Track ISO 27001 Annex A 7.2 Compliance with the ISO 27001 Toolkit

For ISO 27001 Annex A 7.2 (Physical entry), the requirement is to protect secure areas with appropriate entry controls and access points. This is a common-sense physical security control that focuses on real-world access: reception areas, visitor logs, and physical keys.

Compliance Factor	SaaS Compliance Platforms	High Table ISO 27001 Toolkit	Audit Evidence Example
Policy Ownership	Rents access to your entry rules; if you cancel the subscription, your documented visitor protocols and history vanish.	Permanent Assets: Fully editable Word/Excel Physical and Environmental Security Policies that you own forever.	A localized “Visitor Entry Policy” defining ID verification steps and escort requirements for contractors.
Access Governance	Attempts to “automate” entry via dashboards that cannot physically verify a photo ID or ensure a visitor is escorted.	Governance-First: Formalizes reception workflows and real-world entrance protocols into an auditor-ready framework.	A completed “Visitor Entry Checklist” and physical logbook proving that every entry is authorized and recorded.
Cost Efficiency	Charges a “Physical Facility Tax” based on the number of locations or entry points tracked.	One-Off Fee: A single payment covers your governance documentation for one small office or a global network.	Allocating budget to actual physical protections (e.g., biometric locks or visitor badges) rather than monthly software fees.
Facility Freedom	Mandates rigid reporting structures that may not align with unique office layouts or specialized industrial environments.	100% Agnostic: Procedures adapt to any entrance type—manned receptions, turnstiles, or digital logbooks.	The ability to evolve your facility entry technology without reconfiguring a rigid SaaS compliance module.

Summary: For Annex A 7.2, the auditor wants to see that you have a formal policy for physical entry and proof that you follow it (e.g., visitor logs and ID checks). The High Table ISO 27001 Toolkit provides the governance framework to satisfy this requirement immediately. It is the most direct, cost-effective way to achieve compliance using permanent documentation that you own and control.

ISO 27001 Annex A 7.2 FAQ

What is ISO 27001 Annex A 7.2?

ISO 27001 Annex A 7.2 is a physical security control that mandates the implementation of secure entry points to ensure only authorised personnel can access organisational facilities.

Requires the use of physical barriers such as gates, doors, and turnstiles.
Mandates the use of authentication methods like badges, fobs, or biometrics.
Necessitates the recording of entry and exit times for all personnel.
Applies to both permanent staff and temporary visitors or contractors.

Is a visitor log mandatory for ISO 27001 physical entry?

Yes, maintaining a verifiable record of visitor access is a fundamental requirement of ISO 27001 Annex A 7.2 to ensure accountability and traceability.

Logs must include the visitor’s name, organisation, and time of entry/exit.
Records should identify the internal host responsible for the visitor.
Digital logs are preferred over paper to prevent unauthorised viewing of previous entries.
Retention periods for these logs must be defined in your data retention policy.

Does ISO 27001 require biometric access control?

No, the standard does not explicitly require biometrics, but it does require access controls to be proportionate to the risk identified in your assessment.

Standard offices may use simple RFID keycards or fobs.
High-security areas like data centres often implement biometrics as a secondary factor.
The choice of technology must be justified by your physical security risk assessment.
Controls must be regularly audited to ensure they remain functional and effective.

How do you manage physical access for contractors?

Contractor access must be restricted to specific authorised areas and timeframes, governed by a formal authorisation process.

Identify and verify the contractor’s identity before granting access.
Issue temporary, visually distinct ID badges that expire automatically.
Grant access only to the specific zones required for their task.
Ensure contractors are supervised if they have not undergone a background check.

What is tailgating in the context of physical security?

Tailgating is a security breach where an unauthorised person follows an authorised individual through a secure entry point without authenticating.

Prevented technically via turnstiles, “man-traps,” or anti-passback systems.
Mitigated through culture via regular employee security awareness training.
Should be monitored and detected using CCTV or physical security guards.
Is a common focal point for ISO 27001 auditors during site walk-throughs.

Should secure entry points be monitored?

Yes, ISO 27001 requires that all physical entry points are monitored to detect and respond to unauthorised access attempts or breaches.

Utilise CCTV coverage at all main entrances and exits.
Implement intrusion detection alarms for after-hours security.
Review access logs periodically to identify anomalous entry patterns.
Integrate monitoring with a central security management system where possible.

ISO 27001 Annex A 7.3 Securing Offices, Rooms And Facilities

ISO 27001 Annex A 7.6 Working In Secure Areas

ISO 27001 Annex A 7.5 Protecting Against Physical and Environmental Threats

ISO 27001 Annex A 7.2 Attribute Table

Control type	Information security properties	Cybersecurity concepts	Operational capabilities	Security domains
Preventive	Confidentiality Integrity Availability	Protect	Physical security Identity and Access Management	Protection

Availability, Confidentiality, Identity and Access Management, Integrity, Physical Security, Preventive, Protect, Protection

Stuart Barker

Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management. Holding an MSc in Software and Systems Security, he combines academic rigor with extensive operational experience, including a decade leading Data Governance for General Electric (GE).

As a qualified ISO 27001 Lead Auditor, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. His toolkits represent an auditor-verified methodology designed to minimise operational friction while guaranteeing compliance.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
wp_woocommerce_session_*	2 days	WooCommerce sets this cookie to make a unique code for each customer so that it knows where to find the cart data in the database for each one.
yith_wcmcs_currency	7 days	Required for currency conversion.
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.

Cookie	Duration	Description
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-available	session	The yt-remote-cast-available cookie is used to store the user's preferences regarding whether casting is available on their YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.

Cookie	Duration	Description
PREF	8 months	PREF cookie is set by Youtube to store user preferences like language, format of search results and other customizations for YouTube Videos embedded in different sites.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
m	1 year 1 month 4 days	No description available.
_monsterinsights_uj	1 year	Description is currently not available.

Table of contents

What is ISO 27001 Annex A 7.2?

ISO 27001 Annex A 7.2 Purpose

ISO 27001 Annex A 7.2 Definition

ISO 27001 Annex A 7.2 Free Training Video

ISO 27001 Annex A 7.2 Explainer Video

ISO 27001 Annex A 7.2 Podcast

ISO 27001 Annex A 7.2 Implementation Guidance

General Guidance

ISO 27001 Physical Entry Checklist

Health and Safety

Define your access control requirements

Implement the access process

Topic specific physical and environmental security policy

Reception Areas

Visitors

Visitor Badges

Alarms and Monitors

Physical Keys

CCTV

Secure Areas

How to implement ISO 27001 Annex A 7.2

1. Formalise a Physical Access Policy and Risk Assessment

2. Provision Physical Access Control Systems (PACS)

3. Implement a Digital Visitor Management System

4. Execute Continuous Surveillance and Alarm Integration

5. Revoke Access Rights and Conduct Regular Log Audits

Visitor Entry Checklist

ISO 27001 Physical Entry Template

How to pass the ISO 27001 Annex A 7.2 audit

What the auditor will check

1. That you have a physical entry control

2. The strength of the physical security access

3. Documentation

Top 3 ISO 27001 Annex A 7.2 mistakes and how to avoid them

1. Your physical security perimeter is turned off

2. One or more members of your team haven’t done what they should have done

3. Your document and version control is wrong

Applicability of ISO 27001 Annex A 7.2 across different business models.

Fast Track ISO 27001 Annex A 7.2 Compliance with the ISO 27001 Toolkit

ISO 27001 Annex A 7.2 FAQ

What is ISO 27001 Annex A 7.2?

Is a visitor log mandatory for ISO 27001 physical entry?

Does ISO 27001 require biometric access control?

How do you manage physical access for contractors?

What is tailgating in the context of physical security?

Should secure entry points be monitored?

Related ISO 27001 Controls

Further Reading

ISO 27001 Annex A 7.2 Attribute Table

Stuart Barker