Develop a physical security plan that includes a description of your assets, environment, threats, perimeter, and defenses.
Determine who might have physical access to any of your resources under any circumstances.
Have heat and smoke alarms in your computer room. If you have a raised floor, install alarm sensors both above and below the floor. If you have a dropped ceiling, put sensors above the ceiling, too.
Check the placement and recharge status of fire extinguishers on a regular basis.
Make sure that personnel know how to use all fire protection and suppression equipment.
Make sure that the placement and possible use of fire suppression systems will not endanger personnel or equipment more than is necessary.
Have water sensors installed above and below raised floors in your computer room.
Train your users and operators about what to do when an alarm sounds.
Strictly prohibit smoking, eating, and drinking in your computer room or near computer equipment.
Install carbon monoxide detectors.
Install and regularly clean air filters in your computer room.
Place your computer systems where they will be protected in the event of an earthquake, explosion, or structural failure. Avoid windows.
Consider the heat and air flow patterns in the room and from the computers. Avoid placing computers next to walls.
Keep your backups offsite.
Have temperature and humidity controls in your computer room. Install alarms associated with the systems to indicate if values go beyond a certain range. Have recorders to monitor these values over time.
Beware of actual insects trying to "bug" your computers.
Install filtered power and/or surge protectors for all your computer equipment. Consider installing an uninterruptible power supply, if appropriate.
Have antistatic measures in place.
Store computer equipment and magnetic media away from your building's steel structures. These might conduct electricity after a lightning strike.
Lock and physically isolate your computers from public access.
Consider implementing motion alarms or other protections to protect valuable equipment when personnel are not present.
Protect power switches and fuses.
Avoid having glass walls or large windows in your computer room.
Protect all your network cables, terminators, and connectors from tampering. Examine them periodically.
Use locks, tie-downs, and bolts to keep computer equipment from being carried away. When equipment must be moveable, permanently tag it.
Encrypt sensitive data on your systems.
Have disaster-recovery and business-continuation plans in place.
Consider using fiber optic cable for networks.
Physically protect your backups and test them periodically.
Sanitize media (e.g., tapes and disks) and printouts before disposal. Use bulk erasers, shredders and incinerators.
Check peripheral devices for local onboard storage that can lead to disclosure of information.
Consider encrypting all of your backups and offline storage.
Never use programmable function keys on a terminal for login or password information.
Consider setting autologout on user accounts and using screensavers with unlock passwords.