4.2 Physical Security

~~7.10~~

Access Control Architecture

Facility access is governed by a tiered zoning system. Movement between zones must be physically restricted and electronically logged.

Zone 1: Public/Administrative (Lobby, Offices)
- Access: Standard RFID badge.
- Visitor Mandate: All non-employees must sign NDAs and wear distinct "Visitor" badges (Red/Yellow) visible at all times. Visitors must be escorted 100% of the time by badged personnel.
Zone 2: General Production (SMT Lines, Assembly)
- Access: RFID Badge + Anti-Passback enforcement.
- Barrier: Full-height turnstiles or airlock doors to prevent "tailgating."
- Log Retention: Access ~~Control:~~logs must be retained for 12 months.
Zone 3: Restricted (Server Room, High-Value Cage)
- Access: Multi-Factor Authentication (MFA) required. This consists of RFID Badge + Biometric Scan ~~Biometrics/Badges~~(Fingerprint ~~for~~or ~~server rooms and "Cage" areas (high-value component storage)~~Iris).
- ~~Camera~~Door ~~Policies:~~Hardware: Doors must be fail-secure (remain locked upon power loss, barring fire code overrides) and equipped with door contact sensors to trigger alarms if propped open for >30 seconds.

The CCTV infrastructure provides forensic auditability for safety incidents and asset tracking.

Coverage Mandates:
- Entries/Exits: 100% coverage of all perimeter doors and internal zone transitions with facial identification clarity.
- Loading Docks: Cameras must capture license plates of all incoming/outgoing vehicles.
- Production Lines: Wide-angle coverage of SMT lines to verify machine utilization and operator presence.
Technical Specifications:
- Resolution: Minimum 1080p (2MP) ~~Where~~for general areas; 4K (8MP) for high-value counting areas.
- Frame Rate: Minimum 15 FPS (Frames Per Second).
- Retention: Footage must be stored on redundant RAID arrays for a minimum of 90 days before overwrite.

To protect client designs, the control of image capture devices is strictly enforced.

Restricted Imaging Zones: Photography and video recording are strictly prohibited on the production floor ("Red Zone") without written authorization from the Plant Manager.
Personal Devices: Personal smartphones and cameras are ~~allowed~~banned from Zone 2 (~~security)~~Production) ~~vs.~~and ~~where~~Zone ~~they~~3 (Restricted). They must be stored in lockers located in Zone 1.
CCTV Privacy Masks: Security cameras must be angled or digitally masked to prevent recording contents of computer monitors displaying CAD data, schematics, or BOMs.

Components classified as High-Value (e.g., CPUs, FPGAs, Memory) must be stored in a segregated, physical enclosure known as "The Cage."

Physical Structure: The enclosure must be floor-to-ceiling chain-link or mesh steel to prevent unauthorized reaching or climbing.
Inventory Control:
- Cycle Counts: Mandatory daily cycle count of top 10 value SKUs.
- Transaction Logs: All items entering or leaving The Cage must be electronically scanned. Manual logbooks are ~~banned~~insufficient.
- Two-Person Rule: Access to The Cage for inventory adjustment requires two authorized employees to badge in simultaneously.

Security Layer	Parameter	Limit / Mandate
Zone 2 Access	Authentication	Badge + Anti-Passback
Zone 3 Access	Authentication	Badge + Biometric
CCTV	Data Retention	>90 Days
CCTV	Resolution	>1080p
IP Protection	Personal Phones	Banned in Zone 2/3
The Cage	Access Protocol	Two-Person Rule
The Cage	Inventory Freq.	Daily (~~client~~Top IP10 ~~protection/privacy).~~SKUs)
Perimeter	Door Propped Alarm	>30 Seconds