Non-contracted visitors in sensitive areas are always accompanied by organisational staff.
Specification
A procedure exists for employees from contracted partners to commence activities on site in sensitive areas, including serverrooms. This procedure includes that contractors must be announced beforehand, identified, and be clearly recognisable while performing work.
ISO 27001 & 27002:2022
A7.2,
A7.6,
A7.8,
A7.9
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
PH.02 Physical access rights management