The purpose of this policy is to establish the rules for the granting, control, monitoring, and removal of physical access to Longwood information technology resources and systems facilities.  These facilities include areas containing sensitive data and telecommunications equipment.

A.  COV IRTM  Information Technology Security Standards

1.  Mission critical system facilities must be located in a secure location that is locked and restricted to authorized personnel only.

2.  Access to “critical” computer hardware, wiring, displays and networks must be controlled by rules of least privilege.

3.  A system of monitoring and auditing physical access to “critical” computer hardware, wiring, displays and networks must be implemented (e.g. badges, cameras, access logs).

All physical security systems must comply with all applicable regulations such as, but not limited to, building codes and fire prevention codes.

All facilities must be physically protected in proportion to the criticality or importance of their function at Longwood.

Access to facilities must be granted only to authorized personnel whose job responsibilities require access to that facility.

Access to facilities must include the approval of the person responsible for the facility.

All facilities must track visitor access with a sign in/out log based upon the criticality of the facility being protected.  Vistors must be escorted by the appropriate Longwood University staff member.

Access logs (authorized personnel, visitors, etc.) for facilities must be kept for routine review by the person responsible for the facility based upon the criticality of the facility being protected. 

At a minimum, access to facilities will be reviewed for accuracy by the person responsible for the facility on an annual basis.

Approved by the Board of Visitors, April 1, 2005.