Are sensitive or critical information areas segregated and appropriately controlled?
Is access to these areas controlled?
Is authorization required when transferring equipment to offsite location?
Have physical security facilities been implemented to protect the information processing service, for example, card control entry gate, walls, manned reception, separate delivery/loading areas etc.?
Do locations with key IT systems have adequate physical security that has been assessed by a third party?
Do you monitor employee access control systems?