Description

The University Unit maintains and reviews visitor access records to the information resource facilities.

Applicability

  • This Control applies to facilities that house information systems (e.g. data centers, server rooms or closets) considered mission critical and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores Physical access records shall be reviewed as needed by University Unit Heads or their designees.

Implementation

  • 1

    Unit Heads or designees maintain visitor access logs to the Unit information resource facility for a period based on risk management decisions; and

    • 1.1

      Reviews visitor access log records annually, or as required by Federal requirements; and

    • 1.2

      Reviews visitor logs in response to a physical security incident.