Page 10 - Information_Security_Program
P. 10

ST. PAUL CAMPUS LOCATION SECURITY [DP220]
        Back to Table of Contents

        Scope: St. Paul Campus
        Distribution: Employees
        Purpose: To limit to authorized individuals the physical access of electronic information and systems.
        External Regulation or Standard: 45 CFR 164.310(a)(2)(ii);45 CFR 164.310(a)(2)(iii) ‐ Facility Access Controls, PCI DSS 4.3.1.2, 4.3.1.3
        – Network Access Points

         Who is Responsible    Statement     Policy, Standard, or Procedure Statement
                                Number
         Director of Assets      DP220.1     The Assets Protection team is responsible for the physical security of the St. Paul
         Protection                          Campus facility
         Employees with          DP220.2     Each employee and contractor must swipe an active GESM badge across a badge
         Managers and                        reader to gain access to restricted areas. Employees, contractors, participants and
         Directors to Monitor                guests without approved access must not follow behind other employees unless
                                             signed in at the front desk and escorted within restricted areas.
         Employees with          DP220.3     Employees, contractors, participants and guests must wear GESM approved guest
         Managers and                        badges or name tags when in restricted areas.
         Directors to Monitor
         Receptionist, and Asset   DP220.4   The front desk must require employees, contractors, participants and guests that don’t
         Protection Staff and                already have approved badge access to restricted areas to sign a log book, write the
         Contractors                         person being met, and receive an escort prior to gaining access to restricted areas.
         Facilities Manager,     DP220.5     Access to computer rooms must be restricted by a badge reader and authorized
         Asset Protection and                personnel must be in attendance at all times when computer rooms are in use.
         Services and Programs
         Employees
         Employees. Managers     DP220.6     Rooms containing file cabinets with PRI must be in a secured location.
         and Directors to
         Monitor
         Director of IT and IT   DP220.7     The organization will restrict physical access to publicly accessible network jacks,
         Staff                               wireless access points, gateways, and handheld devices.
         Facilities Manager      DP220.8     The organization's facilities will maintain fire detection and suppression systems and
                                             test their readiness at least annually.






























                                                                                                          8| P a g e
        GES CONFIDENTIAL
   5   6   7   8   9   10   11   12   13   14   15