Checklist of ISO/IEC 27001-A.11.1.4 Protecting against external and environmental threats


The security of an organization’s physical environment is crucial for protecting its assets and maintaining business continuity. 

In ISO/IEC 27001:2013, Annex A.11 covers the physical and environmental security aspects of information security management. In this article, we will focus on A.11.1.4, which deals with protecting against external and environmental threats. 

We will discuss the importance of protecting against such threats and provide a checklist for reviewing protective controls.

Sample Checklist:

Protecting against external and environmental threats:

External and environmental threats can come in various forms, such as fire, smoke, flooding, lightning, intruders, and vandals. These threats can cause damage to an organization’s physical assets, disrupt business operations, and result in data loss. Hence, it is crucial to have appropriate protective controls in place to prevent or mitigate the impact of these threats.

Checklist for reviewing protective controls:

To ensure that an organization is adequately protected against external and environmental threats, the following checklist can be used:

  • Are fire detection and suppression systems installed and tested regularly?
  • Are all critical areas protected by automatic fire suppression systems?
  • Is a fire evacuation plan in place, and has it been tested?
  • Is the organization’s physical perimeter secured with appropriate barriers and fencing?
  • Are all access points to the premises monitored and controlled, such as with CCTV or security personnel?
  • Are environmental sensors installed to detect water leaks, humidity, or temperature fluctuations?
  • Are backup power and cooling systems in place to ensure business continuity in case of power outages or cooling failures?
  • Is access to critical areas restricted to authorized personnel only?
  • Are regular security patrols conducted around the premises?
  • Are regular vulnerability assessments and penetration testing conducted to identify potential weaknesses in physical security?


Protecting against external and environmental threats is an essential aspect of an organization’s physical security. 

Adequate protective controls should be in place to prevent or mitigate the impact of these threats. 

By using the checklist provided in this article, organizations can review their protective controls and ensure that they are appropriately secured against external and environmental threats.
