Information Technology Services: Associate Vice President for Information Technology
Last Revised: 7/11/14
Title: Physical and Environmental Security
Applicable: Furman University (Students, Staff, Faculty)
Contacts: Information Technology Service Center ext. 3277
Background: Furman University Policy 071.11 “Organizational Security and Data Classification” establishes roles and guidelines for appropriate security and confidentiality of University information resources. This policy establishes requirements for physical and environmental security to protect University information resources.
Policy: Furman University faculty, staff and students must exercise care and judgment to ensure adequate protection of highly sensitive information.
Guidelines:
- The University Data Center is protected in a physically secure location with controlled access using the University’s card access system. University Police updates the list of individuals authorized to access the Data Center per instructions from either the Director of Systems and Networks or the Chief Information Officer.
- All servers containing institutional data, or data made accessible from off-campus, will reside in the University Data Center or an approved alternative location. The Chief Information Officer must approve all alternative server locations.
- Department managers are responsible for notifying ITS of surplus technology equipment no longer needed for business activities. Disposal of information systems equipment must proceed in accordance with procedures established by ITS, including the irreversible removal of information and software.
- Members of the University community should:
- Adopt “clean desk practices”. Don’t leave documents with highly sensitive information unattended; protect them from casual viewers or office visitors.
- Use a cover sheet for confidential documents.
- When away from your office, close your office door.
- Use a “Confidential” watermark with a sensitive Word document.
- Store highly sensitive paper documents in locked files with a controlled key system (a list of individuals who have access should be documented) or an appropriately secured area.
- Lock file cabinets containing highly sensitive information before leaving the office each day.
- Don’t leave the keys to file drawers with highly sensitive information in unlocked desk drawers or other areas accessible to unauthorized staff.
- Store paper documents that contain information that is critical to the conduct of University business in secure file cabinets. Keep copies in an alternate location.
- Shred paper documents containing highly sensitive information when no longer needed, making sure that such documents are secured until shredding occurs.
- Immediately retrieve documents containing highly sensitive information as they are printed on copy machines, fax machines or printers.
- Verify that you are the intended recipient of faxes. If you are not, contact the intended recipient and make arrangements for the proper dispatch of the fax.
- Do not discuss highly sensitive information outside of work or with anyone who does not have a specific “need to know”. Be aware of the potential for others to overhear communications about highly sensitive information in offices, on telephones, and in public places like elevators, restaurants, and sidewalks.
- Ensure that technology equipment containing highly sensitive information is securely transferred to ITS when it is no longer needed for business operation.
- Immediately report the theft of Furman University technology equipment to University Police. Loss or suspected compromise of data containing highly sensitive information should be immediately reported to ITS.