siting of the critical IT assets to ensure security and prevent unauthorized physical access. Clause 19 In addition to the physical and environmental security measures under Clause 18, an intermediary

) assess security requirement of IT assets based on their results of a risk assessment and criticality; (2) define the secure areas and the siting of the critical IT assets to ensure security and prevent