Which entity manages the physical security of information systems?

The entity responsible for managing the physical security of information systems is the Information Systems Security Managers (ISSM). The role of an ISSM includes ensuring that the physical security measures are in place to protect sensitive information and technology resources from unauthorized access, damage, or interference. This involves assessing vulnerabilities, implementing security controls, and ensuring compliance with relevant security policies, thus safeguarding the confidentiality, integrity, and availability of the information systems.

ISSMs play a critical role in an organization’s overall security strategy by coordinating with both physical security and information technology departments to address all facets of security needs. Their training and expertise position them as key figures in creating a secure environment for information systems, ensuring that both physical and cybersecurity measures are effectively integrated.

While other entities may support security functions or address force protection issues, it is the ISSM's direct responsibility to specifically manage the physical aspects of security related to information systems, ensuring that access is restricted only to authorized personnel and that adequate measures are in place to mitigate potential physical threats.