Description

The Unit Head shall designate the appropriate staff member to develop and maintain a list of personnel with authorized access to information resource facilities where information systems reside and issues appropriate authorization credentials.

Applicability

  • This Control applies to facilities that house information systems (e.g. data centers, server rooms or closets) considered mission critical and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores University Unit Heads or their designees (e.g. Facility Coordinators, Area Proctors) have the responsibility for keeping an updated list of individuals with authorized access to information resource facilities.

Implementation

  • 1

    A Unit Head, or designee, shall develop, approve, and maintain a list of individuals with authorized access to information resource facilities under their control, including:

    • 1.1

      Issuing authorization credentials for information resource facility access;

    • 1.2

      Reviewing access lists annually detailing authorized information resource facility access; and

    • 1.3

      Removing individuals from the facility access list when authorized access is withdrawn:

      • 1.3.1

        Within 24 hours for facilities containing containing information containing restricted or confidential data; and

      • 1.3.2

        Within 5 business days for other facilities containing information resources.