Skip to content
Book a Demo

Physical Security Policy

Last Updated: July 9, 2024

Purpose

The Physical Security Policy establishes requirements to ensure that Breakout Learning Inc’s information assets are protected by physical controls that prevent tampering, damage, theft or unauthorized physical access. This policy defines the following controls and acceptable practices:

  • Definition of physical security perimeters and required controls
  • Personnel and visitor access controls
  • Protection of equipment stored off-site

Scope

This policy applies to all Breakout Learning Inc physical facilities and users of information systems within Breakout Learning Inc, which typically include employees and contractors, as well as any external parties that have physical access to the company’s information systems. This policy must be made readily available to all users.

Background

It is the goal of Breakout Learning Inc to safeguard information both virtually and physically, as well to provide a safe and secure environment for all employees. As such, access to the Breakout Learning Inc facilities is limited to authorized individuals only. All workforce members are responsible for reporting an incident of unauthorized visitor and/or unauthorized access to Breakout Learning Inc's facility.

Roles and Responsibilities

Chief Security Officer (CSO):

 

The Chief Security Officer is responsible for overseeing and ensuring the effective implementation of the organization's Physical Security Policy.

  • Policy Oversight: The CSO is responsible for regularly reviewing and updating the Physical Security Policy to address emerging threats and maintain alignment with industry best practices.
  • Security Assessments: The CSO oversees routine security assessments of physical assets and facilities to identify vulnerabilities and recommend improvements.
  • Incident Response: The CSO plays a key role in coordinating responses to physical security incidents, ensuring timely resolution and proper reporting.

Policy

General

 

  • Physical access to Breakout Learning Inc facilities is restricted.
  • All employees must follow physical security requirements and procedures documented by facility management.
  • On-site visitors and vendors must be escorted by a Breakout Learning Inc employee at all times while on premise.
  • All workforce members are responsible for reporting an incident of unauthorized visitor and/or unauthorized access to Breakout Learning Inc's facility.
  • A record is retained for each physical access, including visits, maintenance and repairs to Breakout Learning Inc production environments and secure facilities.
    • Details must be captured for all maintenance and repairs performed to physical security equipment such as locks, walls, doors, surveillance cameras; and
    • All records must be retained for a minimum of seven years.
  • Building security, such as fire extinguishers and detectors, escape routes, floor warden responsibilities, shall be maintained according to applicable laws and regulations.

 

Access Requirements

 

  • Physical access is restricted using badge readers and/or smart locks that track all access.
    • Restricted areas and facilities are locked when unattended (where feasible).
    • Only authorized workforce members receive access to restricted areas (as determined by the Security Officer).
    • Access and keys are revoked upon termination of workforce members.
    • Workforce members must report a lost and/or stolen key(s) or badge(s) to his/her manager, local Site Lead, or the Facility Manager.
    • The Facility Manager or designee is responsible to revoke access to the lost/stolen badge(s) or access key(s), and re-provision access as needed.
    • The Facility Manager or designee facilitates the changing of the lock(s) within 7 days of a physical key being reported lost/stolen.
  • Enforcement of Facility Access Policies
    • Report violations of this policy to the restricted area's department team leader, supervisor, manager, or director, or the Privacy Officer.
    • Workforce members in violation of this policy are subject to disciplinary action, up to and including termination.
    • Visitors in violation of this policy are subject to loss of vendor privileges and/or termination of services from Breakout Learning Inc.
  • Workstation Security
    • Workstations may only be accessed and utilized by authorized workforce members to complete assigned job/contract responsibilities.
    • All workforce members are required to monitor workstations and report unauthorized users and/or unauthorized attempts to access systems/applications as per the System Access Control Policy.
    • All workstations purchased by Breakout Learning Inc are the property of Breakout Learning Inc and are distributed to personnel by the company.

Building Standards per Location

 

Location(s)

  • Dallas, Texas Office:
    • The building is secured and requires an access card for entry
    • The office is secured and requires an access card for entry 24/7

 

Data Center Security

 

Physical security of data centers is ensured by Breakout Learning Inc’s cloud infrastructure service provider.

Personnel Training

(For Cloud Service Providers) All data center personnel will be trained to respond to unauthorized access/egress attempts to the data center(s).

 

Asset Security

 

The following factors will be considered and implemented, as applicable per risk assessments, and in conjunction with the following policies: Information Security Policy, Asset Management Policy, Data Protection and Data Classification. :

External/Environmental Threats

All assets owned or managed by Breakout Learning Inc will be housed in designated facilities with a level of protection equivalent to the sensitivity and criticality of the asset and the associated information. Additionally, the following factors will be considered:

  • The potential danger from environmental threats including weather, malicious attacks, and accidents.
    • Appropriate for risk mitigation must be implemented to reduce the potential for an incident to occur.
  • Monitoring environmental conditions in appropriate areas.
    • At a minimum, monitoring will be performed for fire/smoke in the general facility areas.
    • Internal secure areas must be subject to additional monitoring for temperature, water, power continuity, humidity and cleanliness.
  • Implementation of environmental controls in accordance with risk assessments.
    • Controls such as heating, ventilation, air conditioning, drainage, fire suppression, emergency lighting, continuous power and humidity control must be implemented in facilities, as appropriate.
    • If applicable, data centers must contain elements of each environmental control at sufficient levels.