Explainer: Physical and Facility Security Rule (4-004F)
The University of Utah’s Physical and Facility Security Rule (4-004F) supports the Information Security Policy (4-004). The U’s IT security policy, rules, and procedures aim to protect the university’s IT resources, systems, and data, including that of students, patients, faculty, staff, guests, vendors, and more.
What does it say?
Rule 4-004F outlines the requirements to protect university buildings, facilities, IT systems, and network and power cables. Requirements include:
- Physical security (e.g., locks, alarms, access cards, visitor logs, and additional measures for areas with restricted data)
- Appropriate placement (e.g., IT equipment and hazardous materials)
- Monitoring for unauthorized access and physical threats (e.g., fire, water, and humidity)
- Adequate supporting utilities (e.g., electricity, water, and HVAC)
- Secure cabling (e.g., labels and underground placement)
- IT systems maintenance (e.g., preventive maintenance and repair logs)
Why should I care?
The physical and facility security rule protects university property and U community members from myriad threats. For example, many buildings or areas require an authorized UCard (ID badge) to gain access, thus protecting everyone and everything within from unauthorized individuals. The rule also helps to ensure that the university continues to operate smoothly.
Who does it apply to?
The rule applies to all university students, faculty, staff, patients, and business partners.
Up next in the March Node 4 newsletter — IT Resource and Information System Security and Vulnerability Management Rule (4-004G)
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.