Standard for Physical and Environmental Security – Equipment

I. Purpose

The purpose of this standard is to establish baseline controls to prevent loss, damage, theft or compromise of assets and interruption to the university’s operations.

II. Scope

All system and equipment owners, as well as users of that equipment, should ensure that measures are in place to protect equipment from loss, damage, theft or compromise. Furthermore, it is important for all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using UNC Charlotte facilities, services or IT systems to understand the need to ensure the protection of any university equipment.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@charlotte.edu.

IV. Standard

Steps to protect equipment and to prevent loss, damage, theft or compromise of assets should include:

• Equipment placement and protection
  • Equipment should be positioned and protected in a manner to reduce the risk of environmental threats and hazards as well as opportunities for unauthorized access.
• Supporting utilities
  • Equipment should be protected from power failures and from the impact of potential disruptions caused by failures in supporting utilities such as telecommunications, water, gas, sewage, and HVAC.
• Cabling security
  • Power and network/telecommunications cabling should be protected from interception, interference, or damage.
• Equipment maintenance
  • Equipment should be maintained by authorized personnel and in accordance with recommended service intervals to ensure availability and integrity.
• Removal of equipment or assets
  • Equipment, information, or software should not be taken off-site without prior management authorization.
• Security of equipment and assets off-premises
  • Security should be applied to off-site equipment and assets with consideration for the additional risks that are likely presented with working outside the campus.
• Secure disposal or re-use of equipment
  • All equipment containing storage media should be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten before it is disposed or re‑purposed.
• Unattended user equipment
  • All users should ensure that unattended equipment has appropriate protection by terminating sessions, logging off from applications when no longer needed, initiating a screen lock, and securing computers or mobile devices with a pattern, PIN, or password when not in use.
• Clear desk and clear screen policy
  • In addition to equipment screen locks, all work areas should be further secured by clearing those spaces of all papers and removable devices containing sensitive information. These papers and devices should be stored in appropriately secured locations.

Related Resources

• University Policy 311 Information Security
• Standard for Hardware and Media Disposal
• Guideline for Hardware and Media Disposal
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by the Information Assurance Committee 4/2/15
Updated 1/5/23