The purpose of this standard is to establish baseline controls to prevent unauthorized physical access, damage, or interference to the university’s information and information processing facilities.
Physical protections should be in place to prevent unauthorized access to any university information and information processing facilities. Furthermore, it is important for all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using UNC Charlotte facilities, services or IT systems to understand the need to ensure physical protections to any university information.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISComplianceemail@example.com.
Steps to prevent unauthorized access, damage or interference to the university’s information or information processing facilities should include:
Defined physical security perimeters
Security perimeters should be used to protect areas containing sensitive or critical information or information processing and the boundaries should be appropriate to the sensitivity of the information contained within.
Secure areas should be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.
Physical security for offices, rooms, and facilities
Physical security for offices, rooms, and facilities should be designed and implemented.
Protection against external and environmental threats
Physical protection should be designed and implemented to protect against natural disasters, accidents, and malicious attacks.
Procedures for working in secure areas should be designed and implemented.
Delivery and loading areas
Delivery and loading areas should be isolated from information storage or processing facilities.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by the Information Assurance Committee 4/2/15