The practice of securely storing sensitive documents at the end of the workday qualifies as which control?

The practice of securely storing sensitive documents at the end of the workday is categorized as a physical control. Physical controls are security measures that are implemented to protect tangible assets and ensure the physical safety of sensitive information. These controls can include actions like locking files in a secure cabinet, using access control systems to restrict entry to certain areas, surveillance cameras, or security guards.

While administrative controls, which involve policies and procedures to govern the behavior and actions of personnel, are important for cybersecurity, the act of physically securing documents is more aligned with the definition of physical controls. Administrative controls do play a significant role in establishing the framework for security practices, but the specific action of storing sensitive documents securely is fundamentally about protecting the physical existence of the documents themselves against unauthorized access or theft.

Therefore, the practice mentioned is best classified under physical controls, as it directly involves actions taken to secure physical data and prevent it from being compromised.