Physical security encompasses the measures designed to protect an organisation's physical assets, facilities, and personnel from unauthorised access, damage, or interference. In an information security context, this includes access control systems for buildings and data centres (badge readers, biometric scanners), surveillance cameras (CCTV), security guards, environmental controls (fire suppression, flood detection), and secure disposal procedures for physical media.
Physical security is a foundational layer that underpins all other security controls, as even the most sophisticated logical access controls are ineffective if an attacker can physically access servers or network equipment. ISO 27001, SOC 2, and data centre standards such as ISO 27017 all require comprehensive physical security measures, and auditors will verify these controls through on-site inspections during certification assessments.