Purpose: To ensure the overall performance of the technology systems, the equipment must be protected from harm, abuse, misuse and pilfering.
Procedure:
1. Rooms or cabinets that house servers will be secured either by electronic door entry systems or proximity cards or by mechanical means (locks). Access to these rooms/cabinets is restricted to authorized personnel only.
a. Keys or cards that allow access to the areas are limited in number and accounted for regularly.
b. Review of the personnel who has access to these areas is reviewed several times a year.
2. Rooms or areas that house large amounts of computer or technology equipment (including server rooms, switch closets and computer labs) have environmental controls to ensure that proper heating, cooling, ventilation, and dehumidification is provided. Environmental controls are monitored with a system to report environmental alarms.
3. All computer and technology equipment inventoried.
a. Verification is made periodically to ensure that equipment is still located where the inventory record states. When equipment is moved, the inventory record should be updated.
b. Laptops and other portable pieces of equipment are accounted for periodically by requiring the users to provide the piece for physical inspection.
c. Software clients such as Security, NetOp, Apple Remote Desktop, Google and Active Directory applications are capable of gathering inventory information, and can be used to track inventory of computer-based assets. Updates of software clients should be made on a regular basis.
4. A master set of user manuals are maintained and secured to ensure continuity of operations should other versions be destroyed. A master set of manuals is held in another area.
5. Media, such as disks, tape and other output should be protected in locked areas or cabinets. Media that is utilized for back-up of information, applications or systems are held in another area building or in a fire-rated cabinet. Aging media are transferred to a current technology (archived).