The Official Web site for the Office of Information Technology - UTSA

This document should be rendered in an HTML format with cascading style sheets and JavaScript turned on.

Office of Information Technology Home Page

Skip to Main Content

Skip to Navigation

Please take a few minutes to read our Accessibility Page which will make your visit through this Web site easier.

Copyright (c) 2010. The University of Texas at San Antonio. All rights reserved.

OIT Home > About OIT > Information Resource Standards >Physical Access Standard

Physical Access Standard

UTSA physical information resources must be protected in proportion to their criticality and confidentiality. All information technology facilities must have appropriate controls for granting and controlling access, monitoring the facility, and retracting permission for access when it is no longer needed. All individuals within the UTSA enterprise who are responsible for the installation and support of information resources, individuals charged with information resources security and data owners must follow these provisions, and the standard applies to multi-user and centralized computing facilities.

  1. All multi-user computer and communications equipment must be located in locked rooms to prevent tampering and unauthorized use.

  2. Physical security systems must comply with all applicable regulations such as, but not limited to, building codes and fire prevention codes.

  3. Access to information resource facilities must be granted only to the UTSA support personnel and contractors whose job responsibilities require access to that facility.

  4. The process for granting card and/or key access to information resource facilities must include the approval of the manager of the facility.

  5. Each individual who is granted access rights to an information resource facility must receive training in emergency procedures for that facility and must sign the appropriate access and non-disclosure agreements.

  6. Access cards and/or keys must not be shared by or loaned to others.

  7. All information resource facilities that allow access to visitors will track that access with a sign in/out log.

  8. Card access records and visitor logs for mission-critical information resource facilities must be kept for routine review, based on the criticality of the resources being protected.

  9. Visitors must be escorted while in access-controlled areas of information resource facilities.

  10. The manager of the information resource facility must review access records and visitor logs for the facility on a periodic basis and investigate any unusual access.

  11. The manager of the information resource facility must review card and/or key access rights for the facility on a periodic basis and remove access for individuals who no longer require access.

  12. All information storage media (such as hard disk drives, magnetic tapes and CD-ROMs) containing sensitive information must be physically secured when not in use.
Effective Date:

December 1, 2010

Compliance Date:

June 1, 2011

Last Revision:

August 20, 2010

Account Management

Disposal of Computers
Other Electronic Devices

Laptop Encryption

Policy Exception and Risk Assumption Procedures

Administrative/Special Access

E-Mail Management

Log-in Disclaimer

Security Monitoring

Application Registration

Incident Management

Network Access

Security Training

Enterprise Backup &
Data Recovery

Information Resource Use and Security (pending)

Network Configuration

Server Hardening

Change Management

Information Security Risk Assessment

Password

Software Licensing

Computer Naming Convention

Information Security Administrator (ISA)

Patch Management Standard

Threat Detection and Prevention

Configuration and Asset Management

Information Security Training Standard

Personal Computing

Unauthorized File Sharing

Copiers and Printers

Information Services Privacy

Physical Access

Vendor Access

Data Center

Internet Use

Portable Computing

Web Application Vulnerability Scanning

Data Classification

Intrusion Detection

Protection Against Malicious Software

Wireless Network

 

 

 

Workstation Operating Systems Support

Tools