Physical & Environmental Security Policy
1. Purpose
Protect Clerk.io personnel, assets and information by establishing physical security measures and environmental controls.
2. Scope
- Clerk.io Copenhagen headquarters and any satellite offices.
- Cloud-provider data centres (Amazon Web Services – AWS) that host production workloads.
3. Office Controls
| Control | Implementation |
|---|---|
| Perimeter | Electronic badge lock on main entrance (monitored by landlord CCTV). |
| Visitor Management | Visitors sign in at reception and wear badges; escorted at all times. |
| Clear Desk | Employees lock screens and store sensitive papers in locked cabinets after hours. |
| Device Storage | Laptops stored in lockers when staff are travelling. |
| Fire & Safety | Building alarms, extinguishers and annual evacuation drills. |
4. Cloud Data-Centre Reliance
Clerk.io does not operate its own server rooms. Physical security, power, HVAC and fire suppression are provided by Amazon Web Services (AWS), which holds independent SOC 2 Type II and ISO 27001 certifications. Vendor SOC 2 reports are reviewed annually per the Supplier Security Policy.
5. Environmental Controls (Office)
- Temperature and humidity controlled by building HVAC.
- Smoke detectors linked to central alarm.
- UPS protects network gear; laptops have built-in batteries.
6. Equipment Handling & Disposal
- Drives are encrypted (FileVault/BitLocker).
- End-of-life devices wiped using NIST 800-88 methods and disposed of via certified e-waste recycler.
7. Remote & Hybrid Work
Employees working remotely must:
- Use company-issued, encrypted devices.
- Prevent shoulder-surfing and lock screens when away.
- Never print or store Restricted data at home.
8. Responsibilities
| Role | Responsibility |
|---|---|
| Office Manager | Day-to-day visitor logs & facility liaison |
| IT Lead | Asset disposal & device encryption assurance |
| Information Security Manager | Annual review of physical controls & cloud provider audit reports |
Evidence IDs: PHY-01, PHY-02 (see Controls Matrix).