Placement
Appropriate physical safeguards must be placed on equipment that stores or processes institutional data. In addition to physically securing this equipment, consideration must be given to other environmental-related aspects that could, if not managed correctly, cause an interruption of service or availability and thus disrupt the university's mission. Careful thought must be given to ensure proper power (e.g., Uninterruptible Power Supplies, generator power backup, redundant power feeds), adequate fire protection, proper heating and cooling, and so on. These environmental safeguards must be commensurate with the sensitivity of the data contained in or processed by the equipment. Equipment removed from university premises is particularly vulnerable to loss or theft. Therefore, the equipment must be protected when off-site, at home, or while in transit from one location to another.
Disposal and Redistribution
Information stored in equipment being disposed, redistributed, or sold must be securely removed to prevent the disclosure of the information to unauthorized parties.
Each unit at the university is responsible for the security of the buildings and rooms that house information and information technology systems in support of their business or role.
The process for reviewing, analyzing, requesting, installing, and maintaining physical security safeguards, as well as the expertise for performing each of these tasks, varies across campuses and units. University Public Safety and Institutional Assurance can assist units in establishing physical security policy and procedures that govern their facilities.
At IU, can I lease space in the Data Center for my departmental servers, and what other options exist? | IU Knowledge Base
The IU Intelligent Infrastructure provides hardened data center services. See especially their Service Level Expectations for descriptions of their secure practices.
For more on security related to the principle of availability, see Domain 11: Business Continuity.
The Facilities Physical Security, Safety, and Privacy Program provides facility design guidance to the university community.
The Video and Electronic Surveillance policy provides direction for units wanting to deploy video and other forms of surveillance in university facilities.
Capital Projects provides a Facilities Physical Security, Safety, and Privacy - Base Bid Standards document outlining standards to incorporate into facility design, for new construction and renovation.
Placement
The policy on Security of Information Technology Resources still applies, regardless of the placement or location of the equipment.
At IU, can I lease space in the Data Center for my departmental servers, and what other options exist? | IU Knowledge Base
The Office of Financial Management Services governs the process for removing capital equipment from university property.
Financial Management Services Policy ACC–140 : Off-Premise Capital Equipment Control
While non-capital equipment is not covered by this policy, appropriate inventory and tracking methods should still be used, particularly if the non-capital equipment contains or processes sensitive information.
Protecting Your Laptop Computer | IU Information Security Office
Do you plan to travel abroad and take your university issued laptop computer, digital storage device, or any encryption products with you? The Export Control Office in the Office of Research Administration can help you determine if your university-issued electronic components require a license prior to international travel, can provide tips for international travel with information stored on electronic components, and can provide a list of sanctioned and restricted parties and entities with whom IU is prohibited by federal law from doing business with. Contact them at export@iu.edu.
Disposal and Redistribution
University Purchasing governs the disposal and redistribution of university property.
In addition to digital media, information classified as Critical stored in paper form must also be securely destroyed. The IU Office of Procurement Services maintains a list of contracted vendors; there is at least one vendor located near each IU campus.
