Physical security and access
The physical security for your Adobe Access environment can range from the server being placed in a secure room under lock and key, along with other equipment, to being in a secured alarmed cage, isolated from other computers, with two-part authentication such as badge and fingerprint, monitored continuously by Closed Circuit Television (CCTV). The degree of security that you implement depends on your organizations' policies, the risk involved (potential of loss and severity if lost), and other legal compliance requirements.
As a general rule, it is recommended that your Adobe Access environment be located in a secure server room where access is electronically controlled (with a card reader at a minimum), alarmed and monitored by security or someone who will respond rapidly to any breach or incident, with access continuously recorded on CCTV. The goal of this security recommendation is for your security team to know who is in the room and when they entered. If the server room is large and has a long list of people with access, the server must also be in a secure cage or rack to limit further access.
To implement an extremely high level of security, the protection must extend to the power supply, uninterruptable power supply (UPS), network equipment, and other related equipment. Any disruption to these items affects the server, especially if it must be up and running at all times. Access must be two-part, such as badge and PIN or badge and fingerprint. Also, anti-tailgating devices must be installed on the door to prevent authorized people from bringing in unauthorized people with them.
For general information and recommendations about physical security standards, see the ISO FAQs site.