Organizations should ensure that before equipment (e.g., servers, network infrastructure, information systems) is installed, the location where the equipment is planned to be installed is reviewed to ensure any physical security risks are addressed.

If equipment placement considerations are not addressed, organizations are susceptible to unplanned outages, failures of supporting utilities, UPS failures, or potential generator capacity issues. These considerations, and why they matter, are the focus of pitfall #43 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.

Information systems and devices should be located in secure areas. The more critical the equipment is to your organization, the more secure the area where the equipment is installed should be. Equipment needs to be protected to reduce risks from environmental threats, protected to reduce risks from hazards, and secured to reduce opportunities for unauthorized access. Your organization’s risk assessment results should be referenced to ensure that any applicable risks have been considered and addressed.

Adding new infrastructure devices, servers, or other systems and tools can impact the performance capabilities of your supporting utilities. Your organization should perform an assessment prior to installation to ensure the supporting tools and utilities are capable of supporting the new infrastructure or other hardware devices. This assessment is important as an overloaded UPS, a lack of rack space, insufficient power (PDU) outlets, or even insufficient temperature and humidity controls can create an unplanned, unexpected outage for your organization.

Physical access should be restricted to wireless access points, gateways, network hardware, communications hardware, and telecommunication lines. Environmental conditions such as temperature and humidity should be managed and continuously monitored for changes that could adversely affect the operation of information systems or infrastructure devices.