IT0129 – Physical and Environmental Protection

IT0129 – Physical and Environmental Protection

Objective:

To establish a Physical and Environmental Protection Policy for implementing best practices with regard to the protection of facilities where information systems reside.

Scope:

This policy applies to all users of and information technology (IT) resources owned, operated, or provided by the University of Tennessee including its campuses, institutes, and administration (University and/or Campuses).

“Users” includes but is not limited to students, faculty, staff, contractors, agents, representatives, and visitors accessing, using, or handling the University’s information technology resources.

Information transmitted or stored on University IT resources is the property of the University unless it is specifically identified as the property of other parties.

Principles:

The University has chosen to adopt the policy principles established in the National Institute of Standards (NIST) 800 series of publications, and this policy is based on those guidelines.

The Chancellor or equivalent at each Campus must designate an individual or functional position responsible for information security at their Campus (Position of Authority and/or Campus Authority). The Position of Authority should be at a high enough organizational level to allow him/her to speak with authority on and for the Campus.

Each Campus must develop or adopt and adhere to a program that demonstrates compliance with this policy and related standards. This program is the responsibility of the Position of Authority.

Each User of University resources is required to be familiar and comply with University policies. Acceptance of this policy is assumed if a User accesses, uses, or handles University IT resources.

Policy:

Each of the University’s Campuses must develop or adopt and adhere to a formal, documented physical and environmental protection standard.  This standard must address purpose, scope, ownership, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

All policy related standards and procedures must be consistent with applicable laws, regulations, and guidance.  This policy and all associated standards and procedures as well as their implementation effectiveness must be reviewed periodically and updated as needed.

References:

1. NIST Special Publications 800-12, 800-53, 800-100

Last Reviewed: October 14, 2015