IT Physical Security - £500,000 fine
Many business managers assume that the physical security of their Data Centre and other IT facilities will be the responsibility (and budget) of the Facilities or Building Services Manager. This is not the case. The CTO must take responsibility for this issue even if that simply means that he/she ensures that the Building Services Manager does a proper job.
There are now substantial financial penalties, not just loss of IT assets or loss of business services, if you get this wrong. In the UK, the Information Commissioner's Office can fine your company up to £500,000 for failure to provide adequate security for your ICT systems if that failure then breaches the Data Protection Act.
Your ICT installation should have a good Physical Security Policy and Plan in place. Managers should be made responsible and accountable for physical security and for the proper implementation of the security policy. The effective implementation of physical security should mesh with network and server/PC security. It should be tested and reviewed on a regular basis.
Simple business insurance is not good enough.
Oaksys