PROCEDURE:††††††††††††††††††††††††††††† †† ††††††††††††††††††††††† DATE:† October 21, 2013
SUBJECT:† †††††††††††††† Physical Security Controls
Prepared by: ††††††††††† Sherry Hahn, Digital Research and Curriculum Coordinator
Approved by:†††††††††††† Dr. Dean O. Stenehjem, Superintendent
purpose of this policy is to establish standards for the physical security
controls of internal workstation/server/telecommunications/network equipment
that is owned and/or operated by Washington State School for the Blind.
Effective implementation of this policy will minimize security risks to
This procedure applies to pc, server (including web), telecommunications and network equipment owned and/or operated by Washington State School for the Blind, and to servers registered under any Washington State School for the Blind-owned internal network domain.
1. † Design and enforcement of physical protections and guidelines for working in secure areas
a) Current documentation of physical layout will be maintained by the agency Plant Manager Ė Reference pdf document WSSB Site Utilities 2013
b) Physical Security Attributes:† Main telecommunications and data center located in basement of Old Main building secured with solid core door with key lock entry (limited key access), Halon alternative fire suppression system as primary with water sprinkler backup, UPS provides server uptime during power disruptions. Secondary IDF: UPS server protection, limited key access, water sprinkler fire suppression. Edge equipment is placed within discrete, non-descript areas.
c) Guidelines for secure locations: Access to data center facilities are physically protected in proportion to the criticality of the business functions and associated systems, assets and infrastructure. Access to data center facilities is granted only to State support personnel and contractors whose job responsibilities require access to that facility. Security Clearance requirements are determined by the agency plant manager and/or IT department.
d) Facility access control: Access to data center facilities is granted only to State support personnel and contractors whose job responsibilities require access to that facility. Access keys are not loaned or share to others. Access keys that are no longer required are returned to the Superintendentís Administrative Assistant. Lost keys are reported immediately to the Organization. Visitors are escorted to limited access control areas of facilities along with signing sign-in/out logs.
e) Physical data storage and telecommunications controls: The telecommunication lines, and data storage equipment of WSSB will be adequately protected to ensure both availability and confidentiality of this resource. The facilities management and IT Department will ensure that adequate safeguards are in place extending to supporting infrastructure, such as utilities and cabling.
f) Off-site media storage: WSSB does not utilize off-site media storage. All back-up data is secured in a secondary on-campus building location within a fire rated vault.
g) Physical security controls for mobile devices: WSSB issued iPads contain policies that require a key-code physical access to the unit and allows for remote data erasure. Laptops require login to access physical data based on active directory authentication, hard drive data is protected by Windows hard drive encryption.
2.† Documentation of physical security controls: Logs will be maintained and stored of visitor entry to secure areas, key issuance and return records are maintained by Superintendentís Administrative Assistant, iPad management software records compliance level related to assigned security policies. Records of hard drive encryption and initialization are stored in the devices active directory object, logs are created through active directory authentication.
Server††††††††††† For purposes of this policy, a Server is defined as an internal WSSB Server.