†††††††††††††††††††††††††††††† WASHINGTON STATE SCHOOL FOR THE BLIND

 

PROCEDURE:††††††††††††††††††††††††††††† †† ††††††††††††††††††††††† DATE:October 21, 2013

_____________________________________________________________≠___

 

SUBJECT:†††††††††††††† Physical Security Controls

 

Prepared by: ††††††††††† Sherry Hahn, Digital Research and Curriculum Coordinator

 

Approved by:†††††††††††† Dr. Dean O. Stenehjem, Superintendent

_____________________________________________________________≠___

 

PURPOSE:††

The purpose of this policy is to establish standards for the physical security controls of internal workstation/server/telecommunications/network equipment that is owned and/or operated by Washington State School for the Blind. Effective implementation of this policy will minimize security risks to Washington State School for the Blind proprietary information and technology.

 

SCOPE:††††††††

This procedure applies to pc, server (including web), telecommunications and network equipment owned and/or operated by Washington State School for the Blind, and to servers registered under any Washington State School for the Blind-owned internal network domain.

 

1. Design and enforcement of physical protections and guidelines for working in secure areas

 

Facilities

a)    Current documentation of physical layout will be maintained by the agency Plant Manager Ė Reference pdf document WSSB Site Utilities 2013

b)    Physical Security Attributes:Main telecommunications and data center located in basement of Old Main building secured with solid core door with key lock entry (limited key access), Halon alternative fire suppression system as primary with water sprinkler backup, UPS provides server uptime during power disruptions. Secondary IDF: UPS server protection, limited key access, water sprinkler fire suppression. Edge equipment is placed within discrete, non-descript areas.

c)    Guidelines for secure locations: Access to data center facilities are physically protected in proportion to the criticality of the business functions and associated systems, assets and infrastructure. Access to data center facilities is granted only to State support personnel and contractors whose job responsibilities require access to that facility. Security Clearance requirements are determined by the agency plant manager and/or IT department.

d)    Facility access control: Access to data center facilities is granted only to State support personnel and contractors whose job responsibilities require access to that facility. Access keys are not loaned or share to others. Access keys that are no longer required are returned to the Superintendentís Administrative Assistant. Lost keys are reported immediately to the Organization. Visitors are escorted to limited access control areas of facilities along with signing sign-in/out logs.

e)    Physical data storage and telecommunications controls: The telecommunication lines, and data storage equipment of WSSB will be adequately protected to ensure both availability and confidentiality of this resource. The facilities management and IT Department will ensure that adequate safeguards are in place extending to supporting infrastructure, such as utilities and cabling.

f)     Off-site media storage: WSSB does not utilize off-site media storage. All back-up data is secured in a secondary on-campus building location within a fire rated vault.

g)    Physical security controls for mobile devices: WSSB issued iPads contain policies that require a key-code physical access to the unit and allows for remote data erasure. Laptops require login to access physical data based on active directory authentication, hard drive data is protected by Windows hard drive encryption.

 

2.Documentation of physical security controls: Logs will be maintained and stored of visitor entry to secure areas, key issuance and return records are maintained by Superintendentís Administrative Assistant, iPad management software records compliance level related to assigned security policies. Records of hard drive encryption and initialization are stored in the devices active directory object, logs are created through active directory authentication.

 

 

Definitions

Term††††††††††††† Definition

WSSB †††††††††† Washington State School for the Blind

Server††††††††††† For purposes of this policy, a Server is defined as an internal WSSB Server.