IRS 1075 refers to the publication issued by the Internal Revenue Service (IRS) that mandates the measures, processes, checks and commitments to be deployed by anyone who receives or processes data from the IRS.
Contrary to the general impression of the public, IRS 1075 stipulations extend far beyond encryption and other digital processes. These regulations are comprehensive in nature, and among the key stipulations are requirements for physical security of data centers and other facilities handling IRS data.
Some of the key directions in this regards include:
- Earmarking restricted areas with signage, and demarcating the same from non-restricted areas with a physical barrier.
- Access control to the data processing and storing facilities, transmission lines and information systems, using various means, including manual keys, electronic locks, door monitor and more. The regulations require that the number of entrances be kept at a minimal and that an employee monitor the main entrance to the facility to ensure access only to authorized employees.
- Maintaining an authorized access list updated regularly and logging the time in and time out of all visitors. The stipulations also require authenticating visitors before access to such restricted areas.
- Location of safeguard Information systems components to minimize potential damage from physical harm, environmental hazards and unauthorized access.
- Detailed specifications for the construction of security room including quality of materials to be used and storage containers, safes and vaults, complete with guidelines to control and safeguard keys and combinations.
- Having intrusion detection equipment in place such as magnetic windows, door sensors, motion detectors, alarms and more to detect breeches of the perimeter and set off an alarm.
Compliance procedures and policies can never be underestimated, no matter how trivial it may seem on first sight. As the adage goes, a chain is only as strong as its weakest link.