56.10.04 - Managing Physical Security (Texas Administrative Code 202.73)

Return to policies website

PURPOSE:

To define physical access to information technology mission critical areas.

REVIEW:

This policy will be reviewed once a year by the Managing Director of Datacenter Operations and will be approved by the Chief Information Officer (CIO).

POLICY/PROCEDURE:

Access to TTUHSC El Paso’s information technology (IT) areas is documented and controlled. Only personnel who have a need for specific physical access to accomplish a legitimate task may have access to any IT areas.

Data Center personnel are trained to monitor environmental controls and respond appropriately to emergencies and equipment problems. Physical access to TTUHSC El Paso Data Centers must be limited to specific TTUHSC El Paso IT personnel and designated employees. Contractors, vendors, and visitors requesting access to the Data Centers must be accompanied by authorized TTUHSC El Paso IT personnel and access must be logged via the Data Center Visitor Access Log.

Key, temporary keys and card access should not be shared among employees. Lost or stolen key or access cards must be reported to the person responsible for the facility and to Facilities and Police departments. Keys and card access must be collected when employment is terminated.

Datacenter facilities must be protected with Fire Protection systems and monitored with temperature and humidity controls and video surveillance systems.

Appropriate safety procedures, as defined by the TTUHSC El Paso Safety Services Department and outlined in the TTUHSC El Paso IT Disaster Recovery Plan, must be followed and annual tests conducted.

Disclaimer Statement. TTUHSC El Paso reserves the right to interpret, change, modify, amend or rescind any policy in whole or in part at any time without the consent of employees.