Developing a Physical Access Policy for the SOC 2 Type II Audit

Post by
Net Friends

October is Cybersecurity Month, and we’ll be blogging about the preparations we made for our SOC 2 Type II audit this past September. We are committed to developing and adopting the security best practices that we ultimately recommend to our customers. At Net Friends, #OurPowerIsOurPeople and they are a big part of our success and growth as a company. Read more about how our people challenge and shape our practices throughout this month.

create durable solutions quote

In January 2019, we started the new year by moving into our new HQ in Durham. This presented Christine Vion with the challenge of learning, designing, and adopting our new ID badge and security system. As our HR Manager, she prioritizes the safety of our staff above all else. That priority involves securing the physical perimeter of our offices.

According to a recent survey, roughly 8% of all small businesses experience a burglary or theft in a given year. Burglary and theft also remain the most likely insurance liability claim for small businesses, despite the centered focus on digital theft and cybersecurity.

stat quote

As we began implementing security measures related to limiting exterior access to the building, the SOC 2 Type II audit made us think differently about physical security within the interior space of our new HQ. Our new Physical Security Policy required us to put controls in place to only “allow access to offices, rooms, and facilities using the least privilege rule.”

Net Friends made a conscious effort to avoid physical keys in favor of a 100% digital access system for all exterior and interior doors to our HQ. We ultimately ended up with multiple specific badge-protected doors, various door styles (single, double door, sliding barn doors), and 6 physical security zones with access restrictions.

Video cameras were strategically mounted throughout the interior building, overseeing the physical security zones and multiple exterior access doors. The badge design, testing, and key codes all had to be sorted out and disseminated to our staff prior to the big move-in day—amidst other competing priorities.

“I think of security like a NFL Superbowl winning team and we all have roles to play,” Christine said. “Our Security Officer is the Head Coach, who calls the plays to keep our company, employees, and clients safe. As HR in charge of physical security, I am the Line Backer. Lined up behind the other defensive lineman, my job is to defend the run (physical ground game with building/badge access security) and the pass (neutralize insider threats by [our] Multi-Layer Security Program). I strive to be the Jack Lambert of our IT Security Team!”

Christine carried out all of these physical security initiatives while maintaining a solid documentation trail and adhering to the Physical Access policy for our SOC 2 audit. On top of these priorities, she also had to adhere to a companion Physical Access policy with our partners, Castra Consulting, to provision their access badges as it relates to their staff onboarding and offboarding procedures. And if that wasn’t enough, Christine also fully accounted for badge and tracking procedures for our visitors and housekeeping staff.

The auditor was fully impressed with our badge system, surveillance, and physical access procedures during the onsite portion of the audit, commenting, “Christine is a great hire. She has everything entirely in order.” We certainly agree! #OurPowerIsOurPeople

Contact Us today to discuss your IT Security & Strategy!

Contact our IT
Support Center 24/7

Option 1: Call (919) 680-3763
Option 2: Email -
Option 3: Complete the form below
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

If your support issue requires immediate assistance, please call our office. Email & web form submissions are only reviewed during business hours.