scope:

This standard applies to all TfL employees as we are all equally responsible for our physical security and that of our employees. This Standard also applies to employees responsible for capturing, managing or sharing information, including suppliers.

Purpose

This standard defines the requirements for the management of physical and environmental considerations relating to TfL's Information Technology (IT). This document summarises the information security controls and processes for securing buildings and internal equipment.

This standard sits within scope of TfL's IT Information Security Management System (ISMS), ensuring alignment to the information security standard ISO27001. This Standard also supports the Information Technology Security Policy (P116) which combined with the ISMS systematically manages and protects the confidentiality, integrity, and availability of TfL's information assets from threats and vulnerabilities managed from the TfL Management System (TMS).

The standard provides overall intent and direction, and where appropriate, is supported by relevant local procedures and best practises to assist in the interpretation and implementation of this standard.