Description

The Unit Head shall designate the appropriate staff member to develop and maintain a list of personnel with authorized access to information resource facilities where information systems reside and issues appropriate authorization credentials.

Applicability

  • This Control applies to facilities that house information resources (e.g. data centers, server rooms or closets) considered high or moderate impact and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores University Unit Heads or their designees (e.g. Facility Coordinators, Area Proctors) have the responsibility for keeping an updated list of individuals with authorized access to information resource facilities.

Implementation

  • 1

    A Unit Head, or designee, shall develop, approve, and maintain a list of individuals with authorized access to information resource facilities under their control, including:

    • 1.1

      Issuing authorization credentials for information resource facility access;

    • 1.2

      Reviewing access lists annually detailing authorized information resource facility access; and

    • 1.3

      Removing individuals from the facility access list when authorized access is withdrawn:

      • 1.3.1

        Within 24 hours for facilities containing containing information containing Critical or Confidential data; and

      • 1.3.2

        Within 5 business days for other facilities containing information resources.