Site inspections are conducted for each major location, in order to identify the Physical and Environmental Controls in place and any potential physical security countermeasures and vulnerabilities. Typically, staff members at each location escort the evaluators through the facilities, which generally include: Data Centres, Hosting Facilities, Alternate Power Facilities, File and Backup Storage Areas, Application Development Environments, Customer Service Centres, and System Management Locations.

The Physical and Environmental Controls include (but are not limited to) the following elements:

•  Location and Facility Security,

•  Perimeter Security,

•  Access Controls,

•  Equipment Security,

•  Intrusion Detection,

•  Alarm Systems,

•  Surveillance Systems,

•  Heating, Ventilation, and Air Conditioning,

•  Power Systems,

•  Power and Communications Cabling,

•  Fire Detection and Suppression, and

•  Emergency Response.