The purpose of this standard is to establish baseline controls to prevent loss, damage, theft or compromise of assets and interruption to the university’s operations.
All system and equipment owners, as well as users of that equipment, should ensure that measures are in place to protect equipment from loss, damage, theft or compromise. Furthermore, it is important for all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using UNC Charlotte facilities, services or IT systems to understand the need to ensure the protection of any university equipment.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISComplianceemail@example.com.
Steps to protect equipment and to prevent loss, damage, theft or compromise of assets should include:
Equipment placement and protection
Equipment should be positioned and protected in a manner to reduce the risk of environmental threats and hazards as well as opportunities for unauthorized access.
Equipment should be protected from power failures and from the impact of potential disruptions caused by failures in supporting utilities such as telecommunications, water, gas, sewage, and HVAC.
Power and network/telecommunications cabling should be protected from interception, interference, or damage.
Equipment should be maintained by authorized personnel and in accordance with recommended service intervals to ensure availability and integrity.
Removal of equipment or assets
Equipment, information, or software should not be taken off-site without prior management authorization.
Security of equipment and assets off-premises
Security should be applied to off-site equipment and assets with consideration for the additional risks that are likely presented with working outside the campus.
Secure disposal or re-use of equipment
All equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten before it is disposed or re‑purposed.
Unattended user equipment
All users should ensure that unattended equipment has appropriate protection by terminating sessions, logging off from applications when no longer needed, initiating a screen lock, and securing computers or mobile devices with a pattern, PIN, or password when not in use.
Clear desk and clear screen policy
In addition to equipment screen locks, all work areas should be further secured by clearing those spaces of all papers and removable devices containing sensitive information. These papers and devices should be stored in appropriately secured locations.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by the Information Assurance Committee 4/2/15