Description

The university authorizes, monitors, and controls Information system components entering and exiting information resource facilities and maintains records of those items.

Applicability

  • This Control applies to facilities that house information systems (e.g. data centers, server rooms or closets) considered mission critical and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores. Responsibility for ensuring physical security to information resources may be part of the job function for departmental staff who may include, but not be limited to, information technology staff, information resource custodians, facility coordinators, supervisors, managers and others.

Implementation

  • 1

    The Unit Head or designee is responsible for ensuring a secure environment for unit information resource facilities. Those responsibilities include:

    • 1.1

      Authorizing, monitoring, and controlling information system components delivered to or removed from information resource facilities; and

    • 1.2

      Documenting information system components delivered to or removed from information resource facilities.