Facility Access Management Procedure (SEC-PROC-006)

1. Purpose

To describe the process for provisioning, reviewing, and revoking physical access to company facilities to ensure a secure physical environment.

2. Scope

This procedure applies to all employees, contractors, and visitors requiring access to company-controlled facilities.

3. Overview

This procedure outlines the standardized steps for managing physical access. It covers the issuance of access badges for new personnel, the process for registering and escorting visitors, and the requirement for regular reviews of access rights to ensure they remain appropriate.

4. Procedure

Step	Who	What
1	Hiring Manager/HR	Submits a facility access request form for a new employee or contractor.
2	Facilities/Security Team	Provisions and issues a physical access badge based on the approved request, corresponding to the individual’s role and location.
3	Employee/Host	Registers visitors at the front desk. Visitors must sign in, be issued a temporary badge, and be escorted at all times.
4	Facilities/Security Team	Conducts and documents quarterly reviews of all physical access permissions to ensure they are still required and appropriate.
5	Manager/HR	Notifies the Facilities/Security Team immediately upon termination of an employee or contractor to revoke physical access.

5. Standards Compliance

Procedure Step(s)	Standard/Framework	Control Reference
1-5	SOC 2	CC6.4
1-5	HIPAA/HITECH	45 CFR § 164.310(a)(2)(i)

6. Artifact(s)

A completed access request form and an access review log.

7. Definitions

N/A

8. Responsibilities

Role	Responsibility
Hiring Manager/HR	Initiates and approves access requests for new personnel and reports terminations promptly.
Facilities/Security Team	Manages the physical access control system, issues badges, conducts access reviews, and manages visitor logs.
Employee/Host	Responsible for their assigned access badge and for escorting any visitors they host.