This Control applies to facilities that house information resources (e.g. data centers, server rooms or closets) considered high or moderate impact and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores. Responsibility for ensuring physical security to information resources may be part of the job function for departmental staff who may include, but not be limited to, information technology staff, information resource custodians, facility coordinators, supervisors, managers and others.

The Unit Head or designee is responsible for ensuring a secure environment for unit information resource facilities. Those responsibilities include:

• 1.1

  Authorizing, monitoring, and controlling information system components delivered to or removed from information resource facilities; and

• 1.2

  Documenting information system components delivered to or removed from information resource facilities.