Page 10 - Information_Security_Program
P. 10
ST. PAUL CAMPUS LOCATION SECURITY [DP220]
Back to Table of Contents
Scope: St. Paul Campus
Distribution: Employees
Purpose: To limit to authorized individuals the physical access of electronic information and systems.
External Regulation or Standard: 45 CFR 164.310(a)(2)(ii);45 CFR 164.310(a)(2)(iii) ‐ Facility Access Controls, PCI DSS 4.3.1.2, 4.3.1.3
– Network Access Points
Who is Responsible Statement Policy, Standard, or Procedure Statement
Number
Director of Assets DP220.1 The Assets Protection team is responsible for the physical security of the St. Paul
Protection Campus facility
Employees with DP220.2 Each employee and contractor must swipe an active GESM badge across a badge
Managers and reader to gain access to restricted areas. Employees, contractors, participants and
Directors to Monitor guests without approved access must not follow behind other employees unless
signed in at the front desk and escorted within restricted areas.
Employees with DP220.3 Employees, contractors, participants and guests must wear GESM approved guest
Managers and badges or name tags when in restricted areas.
Directors to Monitor
Receptionist, and Asset DP220.4 The front desk must require employees, contractors, participants and guests that don’t
Protection Staff and already have approved badge access to restricted areas to sign a log book, write the
Contractors person being met, and receive an escort prior to gaining access to restricted areas.
Facilities Manager, DP220.5 Access to computer rooms must be restricted by a badge reader and authorized
Asset Protection and personnel must be in attendance at all times when computer rooms are in use.
Services and Programs
Employees
Employees. Managers DP220.6 Rooms containing file cabinets with PRI must be in a secured location.
and Directors to
Monitor
Director of IT and IT DP220.7 The organization will restrict physical access to publicly accessible network jacks,
Staff wireless access points, gateways, and handheld devices.
Facilities Manager DP220.8 The organization's facilities will maintain fire detection and suppression systems and
test their readiness at least annually.
8| P a g e
GES CONFIDENTIAL