|
|
General Description
|
|
Description:
|
Information about physical access zones relative to the Red Flags Identity Theft Policy.
|
|
Purpose:
|
|
|
Scope:
|
All faculty, staff, students, and administrators
|
|
Responsibility:
|
Administration
Executive VP
VP of Business and Finance
|
 |
|
|
Requirements
|
|
Relevant Knowledge:
|
In order to comply with this policy you should know:
Current University policy
Federal statutes
Local statutes
Standard company policies
Standards of good practice
State statutes
|
|
Terms and Definitions:
|
Additional training
Corrective Action
Loss of privilege, general
|
|
|
|
|
Policy Provisions
|
1.
|
|
|
The University will establish, maintain, and enforce physical access zones in all of its facilities to control and limit access to CSI areas. There are four types of color coded zones, each with different access requirements.
| 1. |
Green Zones. Green zones are low priority public areas where everyone has access. |
| 2. |
Yellow Zones. Yellow zones are moderate priority operational or information processing areas. All employees are authorized in these zones. Service providers, customers, and visitors must be accompanied by an employee. |
| 3. |
Red Zones. Red zones are high priority areas containing proprietary information, record storage, or data bases. Access is limited to authorized employees only. All others must be identified, verified, and have an escort at all times. |
| 4. |
Grey Zones. Grey zones are transition zones where risk fluctuates as CSI enters and leaves. The transition zone takes on the characteristics of other zone requirements when CSI is introduced. Conference rooms and vehicles are good examples. |
|
|
|
|
|
|
|
Performance Evaluation
|
|
Performance Metrics:
|
Compliance with standard policy and procedure
Compliance with federal mandate
|
|
|
|
|
Consequences:
|
Further training
Loss of privileges
|
|
|
|
|
Subject Experts
|
|
The following may be consulted for additional information.
|
|
|
VP of Business and Finance
|
|
|
|
To Home Page