Preaload Image

 

4.      Physical Security Policy

Physical security is an essential part of a security plan. To ensure the continuity of ICT operations and the physical security of all information assets, there is a need to develop a well-defined Physical Security Policy. The policy will help the University of Gondar safeguard its hardware, software, and data from exposure to persons (internal or external) who could intentionally or unintentionally harm University of Gondar ICT services and/or damage physical ICT resources.

Purpose

The purpose of this policy is to protect physical ICT services and resources through safe and secure operation guidelines.

Scope

This policy applies to the physical security of ICT services and resources of the University, including data centers, security surveillance cameras, all UoG-owned network devices, and servers and desktop computers. Additionally, any personnel working in (University community, contractual employees, trainees, privileged customers) and all other visitors visiting the University’s campus is covered by this policy.

Policy Statement

In general, the ICT Directorate shall:

  • Maintain standard security controls, such as locks on exterior doors and/or an alarm system, to secure the University’s ICT assets,
  • Provide security in layers by designating different security zones within the ICT building.  Security zones shall include:
    • Public: This includes areas of the ICT building that are intended for public access,
    • Private: This includes areas of the ICT building that are used only by the staffs,
    • Special access: This includes areas that are restricted to use by certain persons within ICT personnel for security or safety reasons.
  • A list of personnel with authorized access to the ICT facilities where information systems reside shall be maintained with appropriate authorization credentials. The access list and authorization credentials shall be reviewed and approved by authorized personnel periodically,
  • Power and telecommunications cables carrying data or supporting information services shall be protected from interception or damage.

 

4.1. Data Centers Room Security Policy  

4.2. Security Surveillance Camera Policy