Physical Security Policy

Breakout Learning Inc.

Purpose

This policy establishes physical security requirements to ensure Breakout Learning Inc’s information assets are protected from tampering, damage, theft, or unauthorized access.

Scope

This policy applies to all Breakout Learning Inc personnel, contractors, and any external parties who may have physical access to company-managed assets.

Roles and Responsibilities

• Chief Information Security Officer (CISO):
  • Oversees the implementation and enforcement of the Physical Security Policy.
  • Conducts security assessments and coordinates responses to security incidents.

Policy

• Access Control:
  • Physical access to company-managed assets is restricted to authorized individuals.
  • Access must be monitored, and logs of access must be retained for a minimum of seven years.
  • Lost or stolen access devices (e.g., keys or badges) must be reported immediately for revocation.
• Asset Protection:
  • All sensitive assets must be stored in secure environments, with protection against environmental and physical threats, as per risk assessments.
  • Environmental controls such as temperature, fire detection, and power continuity must be in place where necessary.
• Data Center Security:
  • Physical security of cloud data centers is managed by Breakout Learning Inc’s cloud service providers.

Enforcement

• Any violations of this policy must be reported to the Chief Information Security Officer (CISO) or appropriate management. Employees or contractors found in violation may face disciplinary action.

Revision History