S 2.332 Equipping meeting, event and training rooms

Initiation responsibility: IT Security Officer, Top Management, Head of Organisation

Implementation responsibility: Head of Organisation, Building Services Manager

Meeting, event, and training rooms must either be equipped permanently for one of the mentioned purposes or (in the event of varying use) must be furnished in such a way that they can be adapted ideally to the respective current use.

In training rooms, the workplaces must be designed in terms of number and arrangement of the IT devices, as well as space in such a way that mutual disturbances are avoided and that every workplace provides for sufficient space for handling documents, writing pads, etc. without any problems.

The meeting, event, and training rooms must be equipped appropriately. For example, this includes communication and media support such as projectors or flipcharts. The following aspects should be taken into account in terms of equipment, amongst other things:

• For logical reasons, the power connections should be located where projectors, laptops, or other electrical loads are to be installed. They should furthermore be present in sufficient numbers for typically provided IT systems such as laptops. This also serves for information security, since IT devices may fall down or be damaged otherwise due to wild cabling and negligence.
• The power supply of a meeting, event, and training room must be established separately from other rooms from the last sub-distributor. Thus, impairments of the energy supply have no effects on other rooms. A separate sub-distributor in the meeting, event, and training room is ideal. This renders the necessity of searching the sub-distributor located somewhere else in the building upon activation of a fuse element inapplicable.
• At least one landline phone connection should be present in order to ensure availability during events. This is particularly important if mobile phones are to be switched off during events or if mobile phones are banned altogether. The connection must be enabled permanently for internal calls. For incoming and outgoing external calls, the connection must be enabled by authorised persons in order to provide protection against misuse, if required.
• It must be considered whether network sockets for connection to the internet or internal networks are to be installed. Since this may entail numerous threats for internal networks, such network accesses must be protected accordingly (see also S 2.204 Prevention of insecure network access). If internet access is required, establishing this connection separately and not using the intranet should be considered.
• When configuring a WLAN in meeting, event, and training rooms, all required security safeguards must be implemented.

Review questions:

• Have meeting, event, and training rooms been equipped in such a way that they provide for an ideal and secure environment for meetings with outsiders?
• Are the power connections located where projectors, laptops, or other electrical loads are to be installed?
• Has the power supply of a meeting, event, and training room been established separately from other rooms from the last sub-distributor?
• If network sockets are present in meeting, event, or training rooms to establish a connection to the internet or internal networks, are these protected accordingly?
• If WLAN is available in meeting, event, or training rooms, is it protected accordingly?