Standard for Physical and Environmental Security – Secure Areas

I. Purpose

The purpose of this standard is to establish baseline controls to prevent unauthorized physical access, damage, or interference to the university’s information and information processing facilities.

II. Scope

Physical protections should be in place to prevent unauthorized access to any university information and information processing facilities. Furthermore, it is important for all UNC Charlotte staff, faculty, students, associates, affiliates, contractors, volunteers or visitors using UNC Charlotte facilities, services or IT systems to understand the need to ensure physical protections to any university information.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@uncc.edu.

IV. Standard

Steps to prevent unauthorized access, damage or interference to the university’s information or information processing facilities should include:

  • Defined physical security perimeters
    • Security perimeters should be used to protect areas containing sensitive or critical information or information processing and the boundaries should be appropriate to the sensitivity of the information contained within.
  • Physical entry controls
    • Secure areas should be protected by appropriate entry controls to ensure that only authorized personnel are allowed access.
  • Physical security for offices, rooms, and facilities
    • Physical security for offices, rooms, and facilities should be designed and implemented.
  • Protection against external and environmental threats
    • Physical protection should be designed and implemented to protect against natural disasters, accidents, and malicious attacks.
  • Working in secure areas
    • Procedures for working in secure areas should be designed and implemented.
  • Delivery and loading areas
    • Delivery and loading areas should be isolated from information storage or processing facilities.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by the Information Assurance Committee 4/2/15
Updated 2/2/23