The physical risk to an information system is perhaps the most important to consider. You MUST limit physical access to a system, or any technical or administrative controls you implement are meaningless because they can be bypassed easily. With direct physical access, ANYONE can boot a server into a Kali Linux Live CD/USB or do a password recovery on your Cisco router. PWNAGE!!!! If you can physically touch a system, then you can own it.
Additionally, you should have a contingency plan for the most likely avenue of physical disaster to a system. This limits the potential for intentional and unintentional harm to the system.
To limit the physical risk to an information system, NIST SP 800-53/DIARMF prescribes “Physical and Environmental Protection” controls:
PE-1 Physical and Environmental Protection Policy and Procedures