SECURE AREAS

Effective: August 15, 2024

Purpose: Emporia State University maintains data and information critical to the operations of the University on multiple media. In order to ensure the University maintains the confidentiality and integrity of its information assets and follows all legal requirements with respect to protected information, this policy addresses securing areas which are used to store information considered sensitive or confidential as per the policy on Information Classification.

Scope: This policy applies to all facilities storing sensitive or confidential University information.

Responsible Office: Information Technology

Policy Statement: The Information Security Officer (ISO) is responsible for monitoring and reporting compliance with this policy. The ISO is responsible for reviewing this policy annually.

The unit heads are responsible to:

• Ensure offices and areas storing such information have appropriate locking mechanisms to secure from unauthorized access;
• Define and manage who should have access to those offices and areas. This includes the timely removal of access privileges when employees’ responsibilities change; and
• Ensure that individuals are responsible for securing their own areas when leaving said area.

Areas storing sensitive or confidential ESU information whether on paper, electronic media, or other media, must be secured from unauthorized access.

The President or designee must approve any exceptions to this policy.

Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.

Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.

[Information Technology procedures - coming soon]

Related Policy Information: [coming soon]