Purpose

This policy establishes the physical security framework for Sourcegraph to protect people, assets, and sensitive information, ensuring compliance with applicable laws, standards, and best practices.

Background

The physical security of Sourcegraph’s offices is critical to safeguarding employees, customers, and sensitive data. This policy provides detailed objectives and implementation requirements to mitigate risks, ensure compliance, and maintain operational continuity across all Sourcegraph facilities.

Scope

This policy applies to all Sourcegraph-owned and occupied facilities, including the main office in San Francisco and co-working spaces. It governs all personnel, contractors, visitors, and assets within these facilities.

Policy

Access Control

• All Sourcegraph facilities must implement secure entry points with badge-based access control systems or a key.
• Only authorized personnel may access secure areas, with access logs maintained for audit purposes.
• Visitors must follow a formal check-in process, including issuance of visitor passes and maintenance of a visitor log.
• Employees must report lost or stolen access badges/keys immediately to the Security team and People & Talent team.

Physical Security of Assets

• All employees are responsible for securing company-issued laptops and other equipment, using locks or secure storage when not in use.
• A clean desk policy must be adhered to, ensuring sensitive information is not left unsecured.
• All devices must be configured to lock automatically after a period of inactivity.

Surveillance and Monitoring