Page 9 - Flipbook test Policy & Procedure_Neat
P. 9

EMORY UNIVERSITY

                                 o  Are accessible only by individuals who have been authorized
                                 o  Are of sufficient construction quality, design, and strength to prevent being
                                     access by brute force. Walls should be of solid construction, and the room
                                     should not be vulnerable to intrusion through the walls, from under the floor,
                                     or through the ceiling.
                                 o  Have a documented physical access security plan which includes:
                                           Procedures on how to apply for access
                                           A list of authorized approvers for access requests
                                           Procedures for validating/verifying access requests
                                           Procedures for allowing facility maintenance, documenting
                                            maintenance performed, and saving maintenance logs until no
                                            longer required.
                                           Procedures for requesting, authorizing, and approving visitor
                                            access, including the requirement that visitors be escorted or
                                            monitored (e.g. via video) at all times.
                                           Mechanisms for logging all access to the facility
                                           Have appropriate environmental controls
                            Items attached to sturdy immovable objects via cable locks (like a laptop connected to a
                              desk) may also be considered physically secure.

                       Conversely, areas that do not meet this criteria would not be considered secure.

                       Registrar Guidelines

                       The Registrar has set the following guidelines to ensure we are abiding by the University Search
                       & Secure Policy:
                            Everything that falls under the “Categories of sensitive information” must be locked up
                              during non-business hours.
                            When away from your desk for long periods of time, do not leave sensitive data on your
                              desk... lock it up!
                            If you are working on sensitive electronic data, lock your computer when you step away
                              from your desk for long periods of time.  To lock your computer select ctrl+alt+delete
                              and select “lock this computer”.
                            File cabinets, overheads, and drawers containing sensitive information should be locked
                              during non-business hours.
                            Keys to DP and Service Area filing cabinets are locked up in the safe every night.
                            Key to backroom and Testing & Evaluation is located in the Administrative Office.
                            The door leading from the Production Area to the building common area is to be kept
                              shut and locked at ALL times.  Those that do not work in the Production Area should not
                              use this door to enter or exit the office.
                            Fax machine should be turned off every night.
                            Do not place confidential information in employee mailboxes.  Give the documents
                              directly to the individual.
                            A retention plan is in place and enforced for all stored documents under the Registrar’s
                              realm of responsibility.

                       Checkpoints:

                            Monthly computer and physical desktop check to ensure compliance
                                 o  Everyone will be asked to signoff acknowledging compliance
                                                                                       May 30, 2013  Page 9
   4   5   6   7   8   9   10