Project 394 Develop and document policies and procedures for physical security.

Hardware security of open area desktops;

Padlocking open area machines shut. This has been done in the support area in the Forum. Do we want to do this with other machines in open areas in the Forum? "Checking for keyloggers." Removed - separate project. Logging out - overnight? Over lunchtime? It was decided overnight was sufficient.


Ensuring use of screenlocks. Trusted on DICE. Check MDPs - do they screenlock?Check self-managed machines. Added instructions to self-managed policy page; Check what the university policy is. Emailed Angus as I can't find any policy. University guidance linked in to self-managed policy page. Angus emailed for update

Exam prep machines;

Are they locked shut and securely fastened? These machines are padlocked shut and fastened to the table with security cables.

Access. They are in an office that is locked when no member of staff is present.

Equipment leaving the school;

Authoriser? Responsibility once it's gone. Procedure to hand to user removing the kit. Data? "Procedure required"

Keep disk;

Change in procurement, only for DICE. Data Management Plans.

Wiping data from kit to be disposed of/given to charity;

Desktops; MDP/DICE/Self-managed Servers Laptops Although in principal this is our policy, should we have different rules for types of desktop?

Stolen/Lost hardware;

Identify data Report? To HOS and ICO Was data encrypted?

Returned kit;

Wipe, reinstall? Desktops/laptops Policy for CSOs

WEEE recycling;




-- CarolDow - 12th November 2019

Topic revision: r4 - 12 Nov 2019 - 15:20:15 - CarolDow
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies