Information Security Policies & Procedures Manual
Section 600: Physical and Environmental Security
The purpose of this section is to outline specific physical security policies and procedures which overlap with Information Security.
In general, physical security is the responsibility of Public Safety on campus. There are, however, areas where special attention is needed where Information Security can be effected. Specifically, the buildings where central servers are housed, office space where Protected Information is regularly accessed and visible to people in the immediate proximity, when electronic storage media is surplused from the university, and where Protected Information is physically transported such as when tape backups are taken off site.
The machine room within Milne Computer Center is to be considered a restricted area where only authorized personnel are allowed. Standard security measures such as name badges and audited door access codes shall be employed for physical access to the room. Given the critical nature of the Banner systems, the facility shall also be equipped with standby emergency power (both stored and generated) and shall be monitored 7 days a week; 24 hours a day for availability.
All electronic storage media are subject to the OSU Policy on Disposal of Data Storage Equipment maintained by OSU Business Services. This policy states that information shall be purged from all electronic media prior to surplus.
All physical transportation of Protected Information shall be done by a trusted courier who can provide document and pouch-level traceability. In the case where Personal Information for more than 1000 individuals is to be transported either in paper or electronic form; sealed pouches for paper documents and lock boxes for transport of tapes/CDs are required.