56.10.04 - Managing Physical Security (Texas Administrative Code 202.73)

Return to policies website

PURPOSE:

To define physical access to information technology areas.

REVIEW:

This policy will be reviewed once a year by the director of infrastructure technology and the information security officer (ISO) and will be approved by the chief information officer (CIO).

POLICY/PROCEDURE:

Access to TTUHSC El Paso’s information technology (IT) areas is documented and controlled. Only authorized personnel may have access to any IT areas. An annual review of the physical security measures protecting IT areas is conducted by the Information Security team and approved by the CIO. Data Center personnel are trained to monitor environmental controls and respond appropriately to emergencies and equipment problems. Physical access to TTUHSC El Paso Data Centers must be limited to specific TTUHSC El Paso IT personnel and designated employees. Contractors, vendors, and visitors requesting access to the Data Centers must be accompanied by authorized TTUHSC El Paso IT personnel and access must be logged via the Data Center Visitor Access Log. Appropriate safety procedures, as defined by the TTUHSC El Paso Safety Services Department and outlined in the TTUHSC El Paso IT Disaster Recovery Plan, must be followed and annual tests conducted.