0% found this document useful (0 votes)

119 views17 pages

ISO 17799 Audit Sample

The document contains an audit tool for assessing physical and environmental security management. It includes questions grouped under sections covering use of security areas to protect facilities, use of physical security perimeters, and use of physical entry controls to protect secure areas.

Uploaded by

Gabriel Lourenco

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

119 views17 pages

ISO 17799 Audit Sample

Uploaded by

Gabriel Lourenco

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 17

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

NOTES AND COMMENTS

9.1 USE SECURITY AREAS TO PROTECT FACILITIES

GOAL

Do you use physical methods to prevent unauthorized

access to your organizations information and premises?

YES

N/A

GOAL

Do you use physical methods to prevent people

from damaging your information and premises?

YES

N/A

GOAL

Do you use physical methods to prevent people

from interfering with your information and premises?

YES

N/A

GOAL

Do you keep your organizations critical or sensitive

information processing facilities in secure areas?

YES

N/A

GOAL

Do you use defined security perimeters to protect your

critical or sensitive information processing facilities?

YES

N/A

GOAL

Do you use appropriate security barriers to protect your

critical or sensitive information processing facilities?

YES

N/A

GOAL

Do you use entry controls to protect your critical

or sensitive information processing facilities?

YES

N/A

GOAL

Are your physical protection methods

commensurate with identified security risks?

YES

N/A

9.1.1 USE PHYSICAL SECURITY PERIMETERS TO PROTECT AREAS

CTRL

Do you use physical security perimeters and

barriers to protect areas that contain information?

YES

N/A

CTRL

Do you use physical security perimeters and barriers to

protect areas that contain information processing facilities?

YES

N/A

CTRL

Do you use walls to protect areas that contain your

information and information processing facilities?

YES

N/A

CTRL

Do you use manned reception desks to protect areas that

contain information and information processing facilities?

YES

N/A

CTRL

Do you use card controlled entry gates to protect areas that

contain information and information processing facilities?

YES

N/A

GUIDE

Are your security perimeters clearly defined?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 84

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

GUIDE

Do you assess your security risks and make sure that your
security perimeters actually reduce your security risk?

YES

N/A

GUIDE

Do you assess your information asset security

requirements and make sure that your security
perimeters meet those requirements?

YES

N/A

GUIDE

Do you reduce your risk and meet your security

requirements by ensuring that security perimeters
are properly sited?

YES

N/A

GUIDE

Do you reduce your risk and meet your security

requirements by ensuring that security perimeters
are strong enough?

YES

N/A

GUIDE

Are your physical security barriers and perimeters

free of physical gaps and weaknesses?

YES

N/A

GUIDE

Are external walls of buildings and sites that contain

information processing facilities solidly constructed?

YES

N/A

GUIDE

Do you use external door control mechanisms to prevent

unauthorized access to information processing facilities?

YES

N/A

GUIDE

Do you use bars to prevent unauthorized access to

your organizations information processing facilities?

YES

N/A

GUIDE

Do you use locks to prevent unauthorized access to

your organizations information processing facilities?

YES

N/A

GUIDE

Do you use alarms to prevent unauthorized access to

your organizations information processing facilities?

YES

N/A

GUIDE

Are your doors locked when unattended?

YES

N/A

GUIDE

Are your windows locked when unattended?

YES

N/A

GUIDE

Do you use external protection for windows at ground level?

YES

N/A

GUIDE

Do you use physical access controls to ensure that access

to sites and buildings is restricted to authorized personnel?

YES

N/A

GUIDE

Do you use physical barriers to prevent unauthorized access?

YES

N/A

GUIDE

Do you use physical barriers to prevent contamination

from external environmental sources?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 85

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

GUIDE

Do you alarm all external perimeter fire doors?

YES

N/A

GUIDE

Do you monitor all external perimeter fire doors?

YES

N/A

GUIDE

Are external perimeter fire doors and walls strong

enough and provide the required resistance?

YES

N/A

GUIDE

Do you test all external perimeter fire doors in

conjunction with surrounding walls to ensure that
they comply with all relevant regional, national,
and international standards?

YES

N/A

GUIDE

Do external perimeter fire doors comply with local fire codes?

YES

N/A

GUIDE

Are your external perimeter fire doors failsafe?

YES

N/A

GUIDE

Have you installed suitable intruder detection systems?

YES

N/A

GUIDE

Do your intruder detection systems cover

all external doors and accessible windows?

YES

N/A

GUIDE

Do your intruder detection systems cover all

communications centers and computer rooms?

YES

N/A

GUIDE

Do your intruder detection systems comply with all

relevant regional, national, or international standards?

YES

N/A

GUIDE

Do you test all intruder detection systems in order to

ensure that they comply with all relevant standards?

YES

N/A

GUIDE

Do you alarm your unoccupied areas at all times?

YES

N/A

GUIDE

Have you separated your organizations information

processing facilities from those managed by third parties?

YES

N/A

NOTE

Have you considered using multiple physical barriers to

protect your premises and information processing facilities?

YES

N/A

NOTE

Do you use lockable offices to protect your organizations

information and information processing facilities?

YES

N/A

NOTE

Do you use continuous internal physical security barriers to

protect your information and information processing facilities?

YES

N/A

NOTE

Do you use special physical access security precautions

when multiple organizations are housed in the same building?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 86

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

NOTES AND COMMENTS

9.1.2 USE PHYSICAL ENTRY CONTROLS TO PROTECT SECURE AREAS

CTRL

Do you use physical entry controls to protect secure areas?

YES

N/A

CTRL

Do your physical entry controls allow only authorized

personnel to gain access to secure areas?

YES

N/A

GUIDE

Do you record the date and time

visitors enter or leave secure areas?

YES

N/A

GUIDE

Do you supervise all visitors to secure areas

unless their access was previously approved?

YES

N/A

GUIDE

Do you allow access to secure areas only if access

has been authorized and visitors have a specific
reason why they need to have access?

YES

N/A

GUIDE

Do all visitors to secure areas understand the security

requirements that apply to the areas being visited?

YES

N/A

GUIDE

Are all visitors to secure areas made aware of the

emergency procedures that apply to those areas?

YES

N/A

GUIDE

Do you control access to areas where

sensitive information is stored?

YES

N/A

GUIDE

Do you control access to areas where

sensitive information is processed?

YES

N/A

GUIDE

Do you restrict access to authorized personnel only?

YES

N/A

GUIDE

Do you use authentication controls (e.g., access control

card plus PIN) to validate and authorize access?

YES

N/A

GUIDE

Do you maintain secure records of all access to secure areas?

YES

N/A

GUIDE

Do all employees wear visible identification?

YES

N/A

GUIDE

Do all contractors wear visible identification?

YES

N/A

GUIDE

Do all third-party users wear visible identification?

YES

N/A

GUIDE

Do all visitors wear visible identification?

YES

N/A

GUIDE

Do all personnel notify your security people if they

encounter anyone not wearing visible identification?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 87

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

GUIDE

Do you allow third-party support service personnel to access

secure areas only when necessary and only if authorized?

YES

N/A

GUIDE

Do you allow third-party support service personnel to

access sensitive information processing facilities only
when necessary and only if authorized?

YES

N/A

GUIDE

Do you monitor third-party support service personnel while

they have access to secure areas and sensitive facilities?

YES

N/A

GUIDE

Do you review access rights to

secure areas on a regular basis?

YES

N/A

GUIDE

Do you update access rights to

secure areas on a regular basis?

YES

N/A

GUIDE

Do you revoke access rights to secure

areas when it is necessary to do so?

YES

N/A

NOTES AND COMMENTS

9.1.3 SECURE YOUR ORGANIZATIONS OFFICES, ROOMS, AND FACILITIES

CTRL

Have you designed physical security controls and do

you apply them to your offices, rooms, and facilities?

YES

N/A

GUIDE

Do your physical security controls comply with all

relevant health and safety regulations and standards?

YES

N/A

GUIDE

Do you site important or sensitive facilities

in order to avoid public access to them?

YES

N/A

GUIDE

Are buildings, which are used for information processing,

unobtrusive and do they conceal their true purpose?

YES

N/A

GUIDE

Do you prevent public access to internal telephone books,

directories, and documents that identify the location
of sensitive information processing facilities?

YES

N/A

9.1.4 PROTECT FACILITIES FROM NATURAL AND HUMAN THREATS

CTRL

Do you use physical methods to protect your facilities

from the damage that natural disasters can cause?

YES

N/A

CTRL

Do you use physical methods to protect your facilities

from the damage that man-made disasters can cause?

YES

N/A

CTRL

Do you use physical methods to protect your

facilities from the damage that fires can cause?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 88

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

CTRL

Do you use physical methods to protect your

facilities from the damage that floods can cause?

YES

N/A

CTRL

Do you use physical methods to protect your facilities

from the damage that earthquakes can cause?

YES

N/A

CTRL

Do you use physical methods to protect your facilities

from the damage that explosions can cause?

YES

N/A

CTRL

Do you use physical methods to protect your facilities

from the damage that civil unrest can cause?

YES

N/A

GUIDE

Do you protect your facilities from the security threats

that neighboring premises could potentially present?

YES

N/A

GUIDE

Do you protect your facilities from the damage

a fire in a neighboring building could cause?

YES

N/A

GUIDE

Do you protect your facilities from the damage

an explosion in the street could cause?

YES

N/A

GUIDE

Do you protect your facilities from the damage

water leaking from the roof, from below, or from
the next office could cause?

YES

N/A

GUIDE

Do you store hazardous materials away from secure areas?

YES

N/A

GUIDE

Do you store combustible materials away from secure areas?

YES

N/A

GUIDE

Do you site fallback equipment at a safe distance from

the main site in order to ensure that it isnt damaged
if the main site experiences a disaster?

YES

N/A

GUIDE

Is appropriate fire fighting equipment suitably

situated and available when needed?

YES

N/A

NOTES AND COMMENTS

9.1.5 USE WORK GUIDELINES TO PROTECT SECURE AREAS

CTRL

Do you use guidelines to control how

work is performed in secure areas?

YES

N/A

GUIDE

Do you control how employees

perform work in secure areas?

YES

N/A

GUIDE

Do you control how contractors

perform work in secure areas?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 89

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

GUIDE

Do you control how third-party users

perform work in secure areas?

YES

N/A

GUIDE

Do you use a need-to-know policy to control what personnel

know about the work that is done in secure areas?

YES

N/A

GUIDE

Do you supervise all work performed in secure areas?

YES

N/A

GUIDE

Do you lock secure areas that are vacant?

YES

N/A

GUIDE

Do you check secure areas that are vacant?

YES

N/A

GUIDE

Do you prevent the unauthorized use of

recording equipment inside secure areas?

YES

N/A

100

GUIDE

Do you prevent the unauthorized use of

photographic equipment inside secure areas?

YES

N/A

101

GUIDE

Do you prevent the unauthorized use of

video equipment inside secure areas?

YES

N/A

102

GUIDE

Do you prevent the unauthorized use of

audio equipment inside secure areas?

YES

N/A

NOTES AND COMMENTS

9.1.6 ISOLATE AND CONTROL PUBLIC ACCESS POINTS

103

CTRL

Do you control public access points in order to prevent

unauthorized persons from entering your premises?

YES

N/A

104

CTRL

Are public access points isolated and separate

from your information processing facilities?

YES

N/A

105

CTRL

Do you isolate and control access to your delivery areas?

YES

N/A

106

CTRL

Do you isolate and control access to your loading areas?

YES

N/A

107

GUIDE

Do you restrict access to delivery and loading areas in order

to prevent unauthorized access from outside of your building?

YES

N/A

108

GUIDE

Are only identified and authorized personnel allowed to

access your organizations delivery and loading areas?

YES

N/A

109

GUIDE

Are delivery and loading areas designed so that supplies

can be unloaded without allowing delivery personnel to
have access to the rest of the building?

YES

N/A

110

GUIDE

Are your delivery and loading areas designed so that

external doors are secured when internal doors are open?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 90

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

111

GUIDE

Do you inspect all incoming supplies and materials to ensure

that all hazards are identified before these items are
transferred from delivery and loading areas to points of use?

YES

N/A

112

GUIDE

Do you register all supplies and

materials when they enter your site?

YES

N/A

113

GUIDE

Are incoming registration activities carried out in

accordance with your asset management procedures?

YES

N/A

114

GUIDE

Do you segregate your incoming and outgoing shipments?

YES

N/A

NOTES AND COMMENTS

9.2 PROTECT YOUR ORGANIZATIONS EQUIPMENT

115

GOAL

Do you prevent damage to your organizations equipment?

YES

N/A

116

GOAL

Do you prevent the loss of your organizations equipment?

YES

N/A

117

GOAL

Do you prevent the theft of your organizations equipment?

YES

N/A

118

GOAL

Do you protect your equipment from physical threats?

YES

N/A

119

GOAL

Do you protect your equipment from environmental threats?

YES

N/A

120

GOAL

Do you protect your equipment to avoid work interruptions?

YES

N/A

121

GOAL

Do you protect your equipment in order to avoid

unauthorized access to your organizations information?

YES

N/A

122

GOAL

Do you protect your equipment through proper disposal?

YES

N/A

123

GOAL

Do you use secure siting strategies to protect equipment?

YES

N/A

124

GOAL

Do you use special controls to protect supporting facilities?

YES

N/A

9.2.1 USE EQUIPMENT SITING AND PROTECTION STRATEGIES

125

CTRL

Do you protect your equipment from environmental risks

and hazards through the use of secure siting strategies?

YES

N/A

126

CTRL

Do you prevent opportunities for unauthorized access to

equipment through the use of secure siting strategies?

YES

N/A

127

GUIDE

Do you site your organizations equipment so that

unnecessary access to work areas is minimized?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 91

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

128

GUIDE

Do you position information processing facilities

so that sensitive information cannot be viewed
by unauthorized persons?

YES

N/A

129

GUIDE

Do you position information storage facilities

so that sensitive information cannot be viewed
by unauthorized persons?

YES

N/A

130

GUIDE

Do you isolate your equipment when

it requires an extra level of protection?

YES

N/A

131

GUIDE

Do you use security controls to minimize

the risk that equipment could be damaged
by physical threats and hazards?

YES

N/A

132

GUIDE

Do you use security controls to minimize

the risk that equipment will be stolen?

YES

N/A

133

GUIDE

Do you use security controls to minimize

the risk that equipment will be vandalized?

YES

N/A

134

GUIDE

Do you use security controls to minimize the

risk that equipment will be damaged by fire?

YES

N/A

135

GUIDE

Do you use security controls to minimize the

risk that equipment will be damaged by smoke?

YES

N/A

136

GUIDE

Do you use security controls to minimize the risk

that equipment will be damaged by explosives?

YES

N/A

137

GUIDE

Do you use security controls to minimize the risk

that equipment will be damaged by flooding?

YES

N/A

138

GUIDE

Do you use security controls to minimize the risk

that equipment will be damaged by water leaks?

YES

N/A

139

GUIDE

Do you use security controls to minimize the

risk that equipment will be damaged by dust?

YES

N/A

140

GUIDE

Do you use security controls to minimize the

risk that equipment will be damaged by grime?

YES

N/A

141

GUIDE

Do you use security controls to minimize the risk

that equipment will be damaged by vibration?

YES

N/A

142

GUIDE

Do you use security controls to minimize the risk

that equipment will be damaged by destructive
or corrosive chemicals?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 92

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

143

GUIDE

Do you use security controls to minimize the risk that

equipment will be damaged by electromagnetic radiation?

YES

N/A

144

GUIDE

Do you use security controls to minimize the risk that

equipment will be damaged by electrical interference?

YES

N/A

145

GUIDE

Do you use security controls to minimize the risk

that equipment will be accidentally damaged?

YES

N/A

146

GUIDE

Have you established guidelines to control eating, drinking,

and smoking near your information processing facilities?

YES

N/A

147

GUIDE

Do you monitor environmental conditions when changes

could damage your information processing facilities?

YES

N/A

148

GUIDE

Do you monitor temperature and humidity when

these conditions could impair the operation of your
organizations information processing facilities?

YES

N/A

149

GUIDE

Do you protect your buildings from lightning strikes?

YES

N/A

150

GUIDE

Do you protect incoming power lines

using lightning protection filters?

YES

N/A

151

GUIDE

Do you protect incoming communications

lines using lightning protection filters?

YES

N/A

152

GUIDE

Do you use special methods to protect equipment

that is used in harsh industrial environments?

YES

N/A

153

GUIDE

Do you use keyboard membranes to protect equipment

that is used in harsh industrial environments?

YES

N/A

154

GUIDE

Do you protect equipment that is used to process

sensitive information by minimizing the risk that
information will leak due to emanation?

YES

N/A

NOTES AND COMMENTS

9.2.2 MAKE SURE THAT SUPPORTING UTILITIES ARE RELIABLE

155

CTRL

Do you protect your equipment from

disruptions caused by utility failures?

YES

N/A

156

CTRL

Do you protect your equipment from

disruptions caused by power failures?

YES

N/A

157

GUIDE

Are all supporting utilities capable of

supporting your organizations systems?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 93

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

158

GUIDE

Are all electrical utilities capable of

supporting your organizations systems?

YES

N/A

159

GUIDE

Does your electrical supply conform to your

equipment manufacturers specifications?

YES

N/A

160

GUIDE

Are water utilities capable of supporting your systems?

YES

N/A

161

GUIDE

Are sewage utilities capable of supporting your systems?

YES

N/A

162

GUIDE

Are heating utilities capable of supporting your systems?

YES

N/A

163

GUIDE

Are ventilation systems capable of supporting your systems?

YES

N/A

164

GUIDE

Is your air conditioning system capable

of supporting your organizations systems?

YES

N/A

165

GUIDE

Do you inspect your supporting utilities regularly

in order to make sure that theyre still functioning
properly and in order to reduce the risk of failure?

YES

N/A

166

GUIDE

Do you test your supporting utilities regularly in

order to make sure that theyre still functioning
properly and in order to reduce the risk of failure?

YES

N/A

167

GUIDE

Do you use uninterruptible power supplies (UPSs) to protect

equipment that is used to support critical business operations?

YES

N/A

168

GUIDE

Have you established power contingency plans that

explain what should be done when your UPSs fail?

YES

N/A

169

GUIDE

Do you check your UPS equipment regularly?

YES

N/A

170

GUIDE

Do you test your organizations UPS equipment regularly

in accordance with manufacturers recommendations?

YES

N/A

171

GUIDE

Do you have backup generators that you

can use during prolonged power failures?

YES

N/A

172

GUIDE

Do you have an adequate supply of fuel available that

backup generators can use during emergencies?

YES

N/A

173

GUIDE

Do you check your backup generators regularly?

YES

N/A

174

GUIDE

Do you test your backup generators regularly in

accordance with manufacturers recommendations?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

COPYRIGHT 2005 BY PRAXIOM RESEARCH GROUP LIMITED. ALL RIGHTS RESERVED.

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 94

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

175

GUIDE

Have you considered using multiple power sources?

YES

N/A

176

GUIDE

Have you considered using a separate

power substation if your site is large?

YES

N/A

177

GUIDE

Are emergency power-off switches located

near emergency exits in equipment rooms?

YES

N/A

178

GUIDE

Have you installed emergency backup

lights in case your main power fails?

YES

N/A

179

GUIDE

Is your water supply stable and capable of

supporting your air conditioning equipment?

YES

N/A

180

GUIDE

Is your water supply stable and capable

of supporting your humidification equipment?

YES

N/A

181

GUIDE

Is your water supply stable and capable

of supporting your fire suppression systems?

YES

N/A

182

GUIDE

Have you considered installing alarm systems

to detect malfunctions in supporting utilities?

YES

N/A

183

GUIDE

Do you use two different routes to connect your

telecommunications equipment to your utility provider?

YES

N/A

184

GUIDE

Do your voice services comply with local legal

emergency communications requirements?

YES

N/A

185

NOTE

Have you considered using multiple feeds to avoid a single

point of failure and to ensure that power supply is continuous?

YES

N/A

NOTES AND COMMENTS

9.2.3 SECURE POWER AND TELECOMMUNICATIONS CABLES

186

CTRL

Do you protect power cables carrying

data or supporting information services?

YES

N/A

187

CTRL

Do you protect telecommunications cables

carrying data or supporting information services?

YES

N/A

188

CTRL

Do you protect cables from damage and deterioration?

YES

N/A

189

CTRL

Do you protect cables from unauthorized interception?

YES

N/A

190

GUIDE

Do you place power lines underground whenever those

lines are connected to information processing facilities?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 95

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

191

GUIDE

Do you place telecommunications cables underground when

they are connected to information processing facilities?

YES

N/A

192

GUIDE

Do you avoid routing network cables through public areas?

YES

N/A

193

GUIDE

Do you use conduits to prevent unauthorized

interception or damage to network cables?

YES

N/A

194

GUIDE

Do you prevent interference by segregating

power cables from telecommunications cables?

YES

N/A

195

GUIDE

Do you use clearly marked cable and equipment

markings in order to minimize the chance that the
wrong network cables will be accidentally patched?

YES

N/A

196

GUIDE

Do you use documented patch lists in order

to reduce the chance that the wrong network
cables will be accidentally patched?

YES

N/A

197

GUIDE

Do you use armored conduit to

protect sensitive or critical systems?

YES

N/A

198

GUIDE

Do you protect sensitive or critical systems by using

locked rooms at inspection and termination points?

YES

N/A

199

GUIDE

Do you protect sensitive or critical systems by

using boxes at inspection and termination points?

YES

N/A

200

GUIDE

Do you protect sensitive or critical systems by

using alternative routings or transmission media?

YES

N/A

201

GUIDE

Do you protect sensitive or critical systems

by considering the use of fiber optic cables?

YES

N/A

202

GUIDE

Do you protect sensitive or critical systems by

using physical inspections to detect the presence
of unauthorized cable monitoring devices?

YES

N/A

203

GUIDE

Do you protect your sensitive or critical systems by

controlling access to patch panels and cable rooms?

YES

N/A

204

GUIDE

Do you protect sensitive or critical cables by

using technical sweeps to detect the presence
of unauthorized cable monitoring devices?

YES

N/A

205

GUIDE

Do you protect sensitive or critical cables

by using electromagnetic shielding?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 96

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

NOTES AND COMMENTS

9.2.4 MAINTAIN YOUR ORGANIZATIONS EQUIPMENT

206

CTRL

Do you maintain your equipment in order to protect its

integrity and to ensure that its available when you need it?

YES

N/A

207

GUIDE

Do you follow the equipment manufacturers

recommended maintenance schedule?

YES

N/A

208

GUIDE

Do you follow the equipment manufacturers

recommended maintenance specifications?

YES

N/A

209

GUIDE

Do you allow only authorized maintenance

people to service and repair your equipment?

YES

N/A

210

GUIDE

Do you keep a record of your organizations

preventive and corrective maintenance activities?

YES

N/A

211

GUIDE

Do you keep a record of all equipment faults and problems?

YES

N/A

212

GUIDE

Do you control on-site equipment maintenance and repair?

YES

N/A

213

GUIDE

Do you control off-site equipment maintenance and repair?

YES

N/A

214

GUIDE

Do you provide security clearance for maintenance personnel

or clear sensitive information from your equipment before
maintenance and repair activities are carried out?

YES

N/A

215

GUIDE

Do you comply with the requirements that insurance polices

impose on your equipment maintenance and repair activities?

YES

N/A

9.2.5 PROTECT YOUR OFF-SITE EQUIPMENT

216

CTRL

Do you use security measures to protect off-site equipment?

YES

N/A

217

CTRL

Do your equipment security measures deal with the

range of risks that off-site equipment is exposed to?

YES

N/A

218

GUIDE

Have you developed special security measures to address

your organizations unique or unusual off-site security risks?

YES

N/A

219

GUIDE

Is management authorization required before any

information processing equipment can be removed
and used outside of your premises?

YES

N/A

220

GUIDE

Do your personnel never leave information processing

equipment or media unattended in public places?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 97

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

221

GUIDE

Do personnel treat portable computers

as hand luggage while they are traveling?

YES

N/A

222

GUIDE

Do your personnel conceal or disguise their

portable computers while they are traveling?

YES

N/A

223

GUIDE

Do your personnel follow your equipment manufacturers

recommended security practices and precautions?

YES

N/A

224

GUIDE

Do you protect equipment from strong electromagnetic fields?

YES

N/A

225

GUIDE

Do you perform risk assessments in order to determine

what kinds of home-working security controls are required?

YES

N/A

226

GUIDE

Have you developed special security measures

and controls for people who work at home?

YES

N/A

227

GUIDE

Are suitable controls applied when personnel

use your equipment to work at home?

YES

N/A

228

GUIDE

Do personnel use lockable filing cabinets when

they use your equipment to work at home?

YES

N/A

229

GUIDE

Do personnel follow a clear desk policy when

they use your equipment to work at home?

YES

N/A

230

GUIDE

Are computer access controls used when

personnel use your computers to work at home?

YES

N/A

231

GUIDE

Are secure communications methods used when

communicating between the office and the home?

YES

N/A

232

GUIDE

Does your organization have adequate insurance

coverage to protect its off-site equipment?

YES

N/A

233

NOTE

Are security measures taken to control

the off-site use of mobile equipment?

YES

N/A

234

NOTE

Are all appropriate security measures taken to

control the off-site use of personal computers?

YES

N/A

235

NOTE

Are all appropriate security measures taken to

control the off-site use of personal organizers?

YES

N/A

236

NOTE

Are all appropriate security measures taken to

control the off-site use of mobile phones?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

NOTES AND COMMENTS

DEC 2005

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 98

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

237

NOTE

Are all appropriate security measures taken

to control the off-site use of smart cards?

YES

N/A

238

NOTE

Are all appropriate security measures taken

to control the off-site use of paper documents?

YES

N/A

NOTES AND COMMENTS

9.2.6 CONTROL EQUIPMENT DISPOSAL AND RE-USE

239

CTRL

Do you check all equipment containing storage media in

order to ensure that all sensitive data has been removed or
securely overwritten before you dispose of this equipment?

YES

N/A

240

CTRL

Do you check all equipment containing storage media in

order to ensure that all licensed software has been removed
or securely overwritten before you dispose of this equipment?

YES

N/A

241

GUIDE

Do you destroy data storage devices containing sensitive

information before you dispose of these devices?

YES

N/A

242

GUIDE

Do you destroy, delete, or securely overwrite all sensitive

data before you allow anyone to re-use data storage devices?

YES

N/A

243

GUIDE

Do you use techniques that ensure that the original data is

non-retrievable once it has been destroyed or overwritten?

YES

N/A

244

NOTE

Do you use risk assessments to determine whether

damaged information storage devices should be
physically destroyed, discarded, or repaired?

YES

N/A

9.2.7 CONTROL THE USE OF ASSETS OFF-SITE

245

CTRL

Do you ensure that your organizations assets

are not taken off-site without prior authorization?

YES

N/A

246

CTRL

Do you ensure that your organizations equipment

is not taken off-site without prior authorization?

YES

N/A

247

CTRL

Do you ensure that your organizations information

is not taken off-site without prior authorization?

YES

N/A

248

CTRL

Do you ensure that your organizations software

is not taken off-site without prior authorization?

YES

N/A

249

GUIDE

Have you identified employees who are authorized

to allow people to remove and use assets off-site?

YES

N/A

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

EDITION 3.0

PAGE 99

ISO IEC 17799 2005 INFORMATION SECURITY AUDIT TOOL

9. PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

RESPONSES

250

GUIDE

Have you identified contractors who are authorized

to allow people to remove and use assets off-site?

YES

N/A

251

GUIDE

Have you identified third-party users who are authorized

to allow people to remove and use your assets off-site?

YES

N/A

252

GUIDE

Do you use time limits to control how long

people are allowed to use equipment off-site?

YES

N/A

253

GUIDE

Do you check returns to ensure that people have complied

with the time limits placed on off-site equipment usage?

YES

N/A

254

GUIDE

Do you record the off-site removal

and return of equipment?

YES

N/A

255

NOTE

Do you use spot checks to detect

the unauthorized removal of assets?

YES

N/A

256

NOTE

Do you use spot checks to detect

unauthorized recording devices?

YES

N/A

257

NOTE

Do you use spot checks to detect

weapons and explosives?

YES

N/A

258

NOTE

Do you make sure that spot checks comply with all

relevant legal, legislative, and regulatory requirements?

YES

N/A

NOTES AND COMMENTS

Answer each of the above questions. Three answers are possible: YES, NO, and N/A. YES means youre in compliance,
NO means youre not in compliance, while N/A means that the question is not applicable in your case. Also, please use
the three columns on the right to assign remedial actions to people and to record the date the action was started
and the date it was finished. Please use these three columns to manage and control your remedial action process.
In the spaces below, enter the name and location of your organization, who completed this page, who reviewed it, and the dates.

ORGANIZATION:

YOUR LOCATION:

COMPLETED BY:

DATE COMPLETED:

REVIEWED BY:

DATE REVIEWED:

DEC 2005

EDITION 3.0

PART 9

PHYSICAL & ENVIRONMENTAL SECURITY MANAGEMENT AUDIT

PAGE 100

Nine Steps to Success: An ISO27001:2013 Implementation Overview
From Everand
Nine Steps to Success: An ISO27001:2013 Implementation Overview
Alan Calder
1/5 (1)
Cantu Combined Appendices
No ratings yet
Cantu Combined Appendices
62 pages
ACL101 Foundations 21-10-2022 - Trainer's
No ratings yet
ACL101 Foundations 21-10-2022 - Trainer's
119 pages
PSPF Maturity Assessment Template and Calculator 0
No ratings yet
PSPF Maturity Assessment Template and Calculator 0
57 pages
Lady in Gold 1
0% (1)
Lady in Gold 1
9 pages
State of Tamil Nadu V Nalini
0% (1)
State of Tamil Nadu V Nalini
29 pages
Thank You, M'am: Multiple Choice
100% (5)
Thank You, M'am: Multiple Choice
4 pages
C S C C: Yber Ecurity Ontrols Hecklist
No ratings yet
C S C C: Yber Ecurity Ontrols Hecklist
12 pages
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 4
From Everand
Certified Information Systems Auditor Exam Prep And Dumps Exam Review Guide for ISACA CISA Exam PART 4
Byte Books
No ratings yet
Anti Hacking Security: Fight Data Breach
From Everand
Anti Hacking Security: Fight Data Breach
Vivek Ashvinbhai Pancholi
No ratings yet
Application Security in the ISO27001 Environment
From Everand
Application Security in the ISO27001 Environment
Vinod Vasudevan
No ratings yet
We Need To Talk: 52 Weeks To Better Cyber-Security
From Everand
We Need To Talk: 52 Weeks To Better Cyber-Security
L. Brent Huston
No ratings yet
Complete IT and InfoSec RFP For HRMS
No ratings yet
Complete IT and InfoSec RFP For HRMS
22 pages
Information Security Awareness
No ratings yet
Information Security Awareness
7 pages
Chapter 7 Securing Information Systems Answers
100% (1)
Chapter 7 Securing Information Systems Answers
13 pages
ABC Technologies - Coursework Case Study
No ratings yet
ABC Technologies - Coursework Case Study
13 pages
Frameworks and Assessment Tools
No ratings yet
Frameworks and Assessment Tools
2 pages
Qualified Security Assessor Complete Self-Assessment Guide
From Everand
Qualified Security Assessor Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
WAPT Generic CheckList
No ratings yet
WAPT Generic CheckList
6 pages
The Vulnerability Life Cycle
100% (1)
The Vulnerability Life Cycle
2 pages
Not To Be Confused With,, or - For More Information About Wikipedia-Related Phishing Attempts, See
No ratings yet
Not To Be Confused With,, or - For More Information About Wikipedia-Related Phishing Attempts, See
14 pages
Implementing ISMS 9 Steps Aug 19
No ratings yet
Implementing ISMS 9 Steps Aug 19
12 pages
CAIQ Lite
No ratings yet
CAIQ Lite
12 pages
Auditing in CIS Environment DISCUSSION 13
No ratings yet
Auditing in CIS Environment DISCUSSION 13
7 pages
02 Awareness of Information Security For New Employee)
No ratings yet
02 Awareness of Information Security For New Employee)
30 pages
Sacramento State Level 1 Systems Access Review Template
No ratings yet
Sacramento State Level 1 Systems Access Review Template
4 pages
Top 100 Interview Questions For Information Security
No ratings yet
Top 100 Interview Questions For Information Security
48 pages
Security Compliance Challenges On Clouds
No ratings yet
Security Compliance Challenges On Clouds
47 pages
John Ortolano Resume
No ratings yet
John Ortolano Resume
7 pages
Cyber Security Incident Report: Electronic Physical
No ratings yet
Cyber Security Incident Report: Electronic Physical
1 page
2021 - NTT - Global Threat Intelligence Report
No ratings yet
2021 - NTT - Global Threat Intelligence Report
30 pages
NSE Quiz 1
No ratings yet
NSE Quiz 1
5 pages
10 Ways To Prevent Ransomware Attacks Mimecast
No ratings yet
10 Ways To Prevent Ransomware Attacks Mimecast
4 pages
Pta Ctdisr
No ratings yet
Pta Ctdisr
62 pages
Acceptable Use Policy
No ratings yet
Acceptable Use Policy
8 pages
CARTA
No ratings yet
CARTA
16 pages
Security+ Practice Exam - 65 Questions Just For Practice
No ratings yet
Security+ Practice Exam - 65 Questions Just For Practice
35 pages
General IT Audit Program
100% (1)
General IT Audit Program
16 pages
Question Set IASME Governance Including CE Vbeacon
No ratings yet
Question Set IASME Governance Including CE Vbeacon
114 pages
Cybersecurity Measures
No ratings yet
Cybersecurity Measures
2 pages
The Build Block of GRC
100% (1)
The Build Block of GRC
15 pages
Motadata Sales
No ratings yet
Motadata Sales
28 pages
Fisma Assignement (Template)
No ratings yet
Fisma Assignement (Template)
3 pages
Arizona Baseline Security Controls
No ratings yet
Arizona Baseline Security Controls
881 pages
Chapter 2 Asset Security (Domain 2) - CISSP Official (ISC) 2 Practice Tests
100% (1)
Chapter 2 Asset Security (Domain 2) - CISSP Official (ISC) 2 Practice Tests
15 pages
Cybercrime Threats and Solutions Sample1
No ratings yet
Cybercrime Threats and Solutions Sample1
23 pages
CISM - Certified Information Security Manager CISM Topic 4
No ratings yet
CISM - Certified Information Security Manager CISM Topic 4
46 pages
White Paper Information Security Risk Management
No ratings yet
White Paper Information Security Risk Management
19 pages
CISM Model Questions
0% (1)
CISM Model Questions
12 pages
Computer & Network Procedures To Manage IT Systems
No ratings yet
Computer & Network Procedures To Manage IT Systems
4 pages
RACI ERP Migration
No ratings yet
RACI ERP Migration
2 pages
FFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDF
No ratings yet
FFIEC CAT App B Map To NIST CSF June 2015 PDF4 PDF
24 pages
Schedule of Cybersecurity
No ratings yet
Schedule of Cybersecurity
3 pages
It Security Audit Plan and Deliver Able Stem Plates
No ratings yet
It Security Audit Plan and Deliver Able Stem Plates
2 pages
IT Security and Risk Management
No ratings yet
IT Security and Risk Management
10 pages
13 Fraud Risk Assessment
No ratings yet
13 Fraud Risk Assessment
9 pages
Passing Unix Linux Audit With Power Broker
100% (2)
Passing Unix Linux Audit With Power Broker
11 pages
IT Asset Management
No ratings yet
IT Asset Management
2 pages
EDRM Security Questionnaire 1.1
100% (1)
EDRM Security Questionnaire 1.1
39 pages
Cybersecurity CISO Vital Part Operations
No ratings yet
Cybersecurity CISO Vital Part Operations
11 pages
ISO27k Model Security Policy On Malware
100% (2)
ISO27k Model Security Policy On Malware
5 pages
SANS Master Degree 2020
100% (1)
SANS Master Degree 2020
2 pages
Top Threats To Cloud Computing
No ratings yet
Top Threats To Cloud Computing
9 pages
Data Breach Investigations Report 2017
No ratings yet
Data Breach Investigations Report 2017
8 pages
Guard Duty
No ratings yet
Guard Duty
23 pages
316 - 2020-4-16 Filed Nelson Complaint PDF
100% (2)
316 - 2020-4-16 Filed Nelson Complaint PDF
37 pages
Juvenile Justice: An Overview: Criminal Acts
No ratings yet
Juvenile Justice: An Overview: Criminal Acts
2 pages
008 - Historical Background of The Indian Evidence Act, 1872 (1-25) PDF
No ratings yet
008 - Historical Background of The Indian Evidence Act, 1872 (1-25) PDF
25 pages
Cot-Health 9-Intentional Injuries
No ratings yet
Cot-Health 9-Intentional Injuries
44 pages
Claremont COURIER 9-26-14
No ratings yet
Claremont COURIER 9-26-14
32 pages
3AS Anglais1-sci-tech-UN1Lo2
No ratings yet
3AS Anglais1-sci-tech-UN1Lo2
12 pages
Case Comment On Priyadarshini Matoo Case
No ratings yet
Case Comment On Priyadarshini Matoo Case
39 pages
2009 Criminal Law
No ratings yet
2009 Criminal Law
14 pages
Position-Paper Const of Vawc
100% (1)
Position-Paper Const of Vawc
4 pages
Script
No ratings yet
Script
4 pages
10 July 2020 Ms Richa Manchanda, MM - 0
No ratings yet
10 July 2020 Ms Richa Manchanda, MM - 0
6 pages
Comparison Table BNS & IPC
No ratings yet
Comparison Table BNS & IPC
43 pages
Eminem Amber Smith
No ratings yet
Eminem Amber Smith
8 pages
2024.12.02 Martinez - Complaint
No ratings yet
2024.12.02 Martinez - Complaint
61 pages
Data Supplement To The 2016 National Drug Control Strategy
No ratings yet
Data Supplement To The 2016 National Drug Control Strategy
190 pages
Case - A.S.V. Narayanan Rao Vs Ratnamala & Ors.: Facts
No ratings yet
Case - A.S.V. Narayanan Rao Vs Ratnamala & Ors.: Facts
4 pages
Slip-And-Fall Facts by Easter Law Firm
No ratings yet
Slip-And-Fall Facts by Easter Law Firm
3 pages
7.1 Custody, Security and Control, Emergency Plans, Movement and Transfer of Prisoner and Detainees-1
No ratings yet
7.1 Custody, Security and Control, Emergency Plans, Movement and Transfer of Prisoner and Detainees-1
6 pages
United States v. Sidney Turoff, 291 F.2d 864, 2d Cir. (1961)
No ratings yet
United States v. Sidney Turoff, 291 F.2d 864, 2d Cir. (1961)
7 pages
Module On Therapeutic Modality3
No ratings yet
Module On Therapeutic Modality3
31 pages
Reflection Paper Sa Ngalan NG Karapatan (ETHICS)
No ratings yet
Reflection Paper Sa Ngalan NG Karapatan (ETHICS)
5 pages
Rep. Jeff Hoverson Minot Airport Incident Reports
No ratings yet
Rep. Jeff Hoverson Minot Airport Incident Reports
4 pages
Social Strain Theory
No ratings yet
Social Strain Theory
21 pages
Chapter II Revised BSN3C GROUP7 1
No ratings yet
Chapter II Revised BSN3C GROUP7 1
9 pages
Topic and Stand Topic and Stand
No ratings yet
Topic and Stand Topic and Stand
3 pages