This practice is a fundamental component of physical security controls mandated by ISO/IEC 27001. The standard requires organizations to implement controls to protect secure areas and ensure only authorized personnel are allowed access. Verifying identification badges is a direct method of confirming authorization. Checking bags is a preventative measure to stop unauthorized assets (e.g., unapproved laptops, recording devices) from entering or leaving a secure facility, thereby protecting information assets from compromise, theft, or damage. These procedures are typically defined in an organization's physical access control policy, which employees and visitors must adhere to as a condition of entry.

B. False: This is incorrect. Not allowing security to perform these checks would render physical entry controls ineffective, creating a significant vulnerability and failing to comply with the principles of securing physical areas as required by ISO/IEC 27001.

1. International Organization for Standardization (ISO). (2022). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

Reference: Annex A, Control A.7.2 (Physical entry). This control's objective is "to ensure that only authorized individuals are allowed to physically access the organization’s premises," which is achieved through procedures like ID verification.

2. International Organization for Standardization (ISO). (2022). ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Guidance on the application of ISO/IEC 27001.

Reference: Section 7.2 (Physical entry). This section provides implementation guidance, suggesting controls such as "an appropriate form of identification for each individual" and "challenging individuals who are not known or who are not wearing visible identification." Bag checks are a logical extension of controlling the physical perimeter.

3. Whitman, M. E., & Mattord, H. J. (2019). Management of Information Security (6th ed.). Cengage Learning.

Reference: Chapter 8, "Physical Security," Section on "Physical Access Controls." This university-level textbook describes the role of security guards in enforcing physical access controls, which includes verifying credentials (ID badges) and inspecting packages and bags to prevent unauthorized items from entering or leaving the premises.