6.26 EQUIPMENT SECURITY
Effective: August 15, 2024
Purpose: Emporia State University is committed to protecting the confidentiality, integrity, and accessibility of its information assets through its technology resources. These resources include items such as servers, applications and an intricate network which allows users to connect to the University’s local network, the University’s intranet, and the internet.
This policy sets out to protect the University’s technology assets from unauthorized physical access.
Scope: This policy applies to all technology related infrastructure devices including but not limited to servers, routing and switching devices, and telephone systems.
This policy does not include any University owned and maintained workstations unless those workstations are deemed critical to the function of the overall system nor does it include any device on the University’s premises not owned or maintained by the University.
Responsible Office: Information Technology
Policy Statement: Individuals authorized to use University technology assets will assist in safeguarding these resources. This includes protecting the resource from unauthorized access, modification, destruction or disclosure. The following levels have been established to help protect each technology asset:
IT Support Personnel: Information Technology (IT) employees designated by the University to be responsible for maintaining the University’s technology assets. IT Support Personnel are responsible to:
- Define and implement the appropriate safeguards to protect the confidentiality, integrity, and accessibility of technology assets.
- Monitor the safeguards to ensure compliance and report any non-compliance issues to the Information Security Officer (ISO).
- Develop a system of authorization for personnel requiring business access to technology assets and a means of the removal of access once it is no longer needed.
- Verify user access to information with owner annually and adjust as necessary.
- Manage the day-to-day operations of technology assets.
Unit Support Personnel: Employees designated by the unit to be responsible for maintaining the safeguards established by IT Support Personnel. Unit Support Personnel are responsible to:
- Implement the appropriate safeguards defined by IT to protect the confidentiality, integrity, and accessibility of technology assets.
- Monitor the safeguards to ensure compliance and report any non-compliance issues to the ISO.
If a given technology resource is shared among multiple University areas its owner will be the Chief Information Officer (CIO).
The ISO is responsible for monitoring and reporting compliance with the policy and for reviewing this policy on an annual basis.
All information technology infrastructure devices critical to the operations of the University will be physically located in a limited access, secured area.
Examples of such areas may include:
- The University’s Computing Center
- Wiring closets located in buildings
- Equipment racks with locked doors
Access to these areas must be controlled. Infrastructure devices located in a shared environment such as a computer lab, must be placed in a secured rack or cabinet with limited access. For network devices, unused ports must be administratively turned off.
All access to these secured areas must be approved by IT.
The President or designee must approve any exception to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]