Physical Security Policy
Revised: 06/30/2009
1. Overview.
Physical Security means providing environmental safeguards for, and controlling physical access to, equipment and data on the TCCC-RYSS Information Technology Network in order to protect information technology resources from Unauthorized Use, in terms of both physical Hardware and data perspectives.
2. Purpose.
The purpose of this policy is to establish standards for granting, monitoring, and terminating physical access to the TCCC-RYSS Information Technology Network and to protect equipment on the TCCC-RYSS Information Technology Network from environmental factors.
3. Scope.
This policy applies to the entire TCCC-RYSS Information Technology Network, including but not limited to computer labs, Network Closets, and the Information Technology Services Network Operations Center.
4. Policy.
Environmental Safeguards
1. Adequate air conditioning must be operational in TCCC-RYSS Information Technology Network facilities that house information technology resources, to prevent long-term heat damage and equipment failure.
2. All TCCC-RYSS Information Technology Network facilities must have adequate fire extinguishing devices present in the office area. These devices must be inspected by TCCC-RYSS Public Safety personnel.
3. All TCCC-RYSS Information Technology Network information technology resources must be fitted with effective Surge Protectors to prevent power spikes and subsequent damage to data and Hardware.
4. Critical TCCC-RYSS Information Technology Network information technology resources must each be connected to an Uninterrupted Power Supply (UPS) in order to prevent power spikes, brownouts, and subsequent damage to data and Hardware.
5. Electrical outlets must not be overloaded by connecting too many devices. Proper and practical usage of extension cords are to be reviewed annually.
6. Water sensors must be placed under any raised floor.
Physical Access
1. All TCCC-RYSS Information Technology Network physical Security systems must comply with all regulations, including, but not limited to, building codes and fire prevention codes.
2. Physical access privileges to all TCCC-RYSS Information Technology Network facilities must be documented and managed by Information Technology Services.
3. All facilities that house TCCC-RYSS Information Technology Network information technology resources must be physically protected in proportion to the importance of their function.
4. Access to TCCC-RYSS Information Technology Network restricted facilities will be granted only to TCCC-RYSS staff and affiliates whose job responsibilities require access to that facility.
5. The process for granting card or key access to TCCC-RYSS Information Technology Network facilities must include approval from the TCCC-RYSS Director of Information Technology Services.
6. Secured access devices (e.g. access cards, keys, combinations, etc.) must not be shared with or loaned to others by Authorized Users.
7. Secured access devices that are no longer needed must be returned to the TCCC-RYSS Information Technology Services department, and logged appropriately before they are re-allocated to another Authorized User.
8. Lost or stolen TCCC-RYSS Information Technology Network secured access devices must be reported to Information Security personnel immediately.
9. The TCCC-RYSS Employees responsible for TCCC-RYSS Information Technology Network facilities must remove the secured access device rights of individuals that no longer require access.
10. TCCC-RYSS Visitors and other invitees must be escorted and monitored while in restricted TCCC-RYSS Information Technology Network facilities.
11. TCCC-RYSS Employees responsible for TCCC-RYSS Information Technology Network facilities must review access records and visitor Logs for the facility on a periodic basis, and investigate any unusual access.
12. All spaces housing information technology resources must be kept locked when not occupied by a TCCC-RYSS Employee, in order to reduce the occurrence of unauthorized entry and access.
13. Any piece of TCCC-RYSS Information Technology Network equipment which resides in a public access area must be secured to a piece of furniture, counter-top, or other suitably deterrent object with a theft-inhibiting device. Portable computers that are part of the TCCC-RYSS Information Technology Network must also be secured with theft-inhibiting devices.
5. Enforcement.
Any Authorized User found to be in violation of this policy will be considered an Unauthorized User, and as such are subject to disciplinary action pursuant with the Enforcement section of the Unauthorized Use Policy.
