Secure Working Areas
In general terms, secure working areas are areas within buildings or facilities where personnel work with sensitive information or assets (e.g. classified material). They should not be confused with:
- Secure rooms, which are only used for the storage of sensitive information/assets and are not where personnel will generally be working.
- Secure speech rooms, which are used for holding very sensitive discussions.
The threats (including methods of attack) and risks related to secure working areas, secure rooms and secure speech rooms are different and therefore require specific types of mitigation. However, the primary risks to all types are centred around espionage and include the loss of confidentiality, availability or integrity of the information or assets. Managing these risks requires an integrated approach to physical, personnel, technical and information security.
This page provides information relating to physical aspects of secure working areas only. Additional guidance on the other aspects can be found via the links on this page.
The process of physically securing secure working areas should include:
- writing an operational requirement
- the principle of locating them in spaces where the vulnerabilities are at their lowest (e.g. away from public areas, being overlooked etc)
- the concept of multiple layers, following the principles of deter, detect, delay etc
- the following three central pillars of barriers, access control and detection
- the physical measures being built using appropriate and proven materials, equipment and methods that are relevant to the threats (e.g. CPNI CLASS standards)
- the physical security measures being commensurate and compatible with personnel, information and technical security measures. Threats to secure working areas are likely to be persistent, and security will only be as strong as the weakest link
- the successful implementation of procedural controls to ensure security integrity.