Standard for Physical and Environmental Security - Equipment

I.  Purpose

The purpose of this standard is to establish baseline controls to prevent loss, damage, theft or compromise of assets and interruption to the university’s operations.

II.  Scope

All system and equipment owners, as well as users of that equipment, should ensure that measures are in place to protect equipment from loss, damage, theft or compromise.  Furthermore, it is important for all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using UNC Charlotte facilities, services or IT systems to understand the need to ensure the protection of any university equipment.

III.  Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliance-group@uncc.edu.

IV.  Standard

Steps to protect equipment and to prevent loss, damage, theft or compromise of assets should include:

  • Equipment placement and protection

Equipment should be positioned and protected in a manner that reduces the risk of environmental threats and hazards as well as opportunities for unauthorized access.

  • Supporting utilities

Equipment should be protected from power failures and from the impact of potential disruptions caused by failures in supporting utilities such as telecommunications, water, gas, sewage, and HVAC.

  • Cabling security

Power and network/telecommunications cabling should be protected from interception, interference, or damage.

  • Equipment maintenance

Equipment should be maintained by authorized personnel and in accordance with recommended service intervals to ensure availability and integrity.

  • Removal of equipment or assets

Equipment, information, or software should not be taken off-site without prior management authorization.

  • Security of equipment and assets off-premises

Security should be applied to off-site equipment and assets with consideration for the additional risks that are likely to arise when working outside the campus.

  • Secure disposal or re-use of equipment

All equipment containing storage media should be verified to ensure that any sensitive data and licensed software have been removed or securely overwritten before the equipment is disposed of or re-purposed.

  • Unattended user equipment

All users should ensure that unattended equipment has appropriate protection by terminating sessions, logging off from applications when no longer needed, initiating a screen lock, and securing computers or mobile devices with a pattern, PIN, or password when not in use.

  • Clear desk and clear screen policy

In addition to equipment screen locks, all work areas should be further secured by clearing those spaces of all papers and removable devices containing sensitive information. These papers and devices should be stored in appropriately secured locations.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by the Information Assurance Committee  4/2/15
Updated   9/1/16