DS12.4 - Protection Against Environmental Factors

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS12.4 - Protection Against Environmental Factors is contained within the process Manage the Physical Environment.

Protection Against Environmental Factors

Design and implement measures for protection against environmental factors. Install specialised equipment and devices to monitor and control the environment.

Value Drivers

  • Identification of all potential environmental threats to the IT facilities
  • Prevention or timely detection of environmental threats
  • Reduced risk of claims against insurance companies being rejected for non-compliance with the requirements of insurance policies, and minimised insurance premiums
  • Appropriate protection against environmental factors

Risk Drivers

  • Facilities exposed to environmental impacts
  • Inadequate environmental threat detection
  • Inadequate measures for environmental threat protection

Control Practices

  1. Establish and maintain a process to identify natural and man-made disasters that might occur in the area within which the IT facilities are located. Assess the potential effect on the IT facilities.
  2. Define and implement a policy that identifies how IT equipment, including mobile and offsite equipment, is protected against environmental threats. The policy should limit or exclude eating, drinking and smoking in sensitive areas, and prohibit storage of stationery and other supplies posing a fire hazard within computer rooms.
  3. Situate and construct IT facilities to minimise and mitigate susceptibility to environmental threats.
  4. Define and implement a process to regularly monitor and maintain devices that proactively detect environmental threats (e.g., fire, water, smoke, humidity).
  5. Define and implement procedures to respond to environmental alarms and other notifications. Document and test procedures, which should include prioritisation of alarms and contact with local emergency response authorities, and train personnel in these procedures.
  6. Compare measures and contingency plans against insurance policy requirements, and report results. Address points of non-compliance in a timely manner.
  7. Ensure that IT sites are built and designed to minimise the impact of environmental risks (e.g., theft, air, fire, smoke, water, vibration, terror, vandalism, chemicals, explosives). Consider specific security zones and/or fireproof cells (e.g., locating production and development environments/servers away from each other).
  8. Keep the IT sites and server rooms clean and in a safe condition at all times, i.e., no mess, no paper or cardboard boxes, no filled dustbins, no flammable chemicals or materials.
