Access Keys:
Skip to content (Access Key - 0)

Physical Access Landing Page

On this page:

Overview

Information can be physically accessed when someone obtains hardcopies, has hands-on control of the devices which process and store data, or are present any place documents and equipment are kept. This includes exposure while traveling and using mail/shipping services. Considering who has access to information whether in data centers, public areas like a cafe or airport, an office or living space and validating recipients when information needs to be transferred are critical components of securing information.

Protecting paper files and media that contains information, particularly when they are often kept in file cabinets, on desks, printers, and fax machines or carried along in backpacks and notebooks becomes as important part of your information security plan as the controls that protect information electronically.

How to

Keep research data secure while traveling abroad

Consider how you will keep research data (paper or physical media) such as forms, field notes, observations, interviews, informed consents, etc. secure while traveling. This could mean taking precautions such as:

  • Keep the information under your control at all times
  • Physically separating consent forms from data
  • Bring along prepaid, pre-addressed shipping envelopes to quickly send documents back to a secure storage location in the US

Protect information being mailed/shipped

  • Do use an express service with tracking information and require a signature on delivery.
  • Do use double envelopes for sending high risk information so information is not visible from the outside and also to deter tampering.
  • Do use an established courier/delivery service
    • While trendy local services may be more convenient, it's best to go the extra mile to protect high risk information to ensure it arrives to the intended recipient unexposed and intact.

Protect information in hard copy that may be in file cabinets or on desks

  • Do maintain clean desk policy and keep high risk documents out of sight when not in use or when unauthorized individuals are in the vicinity. 
  • Lock cabinets when not in use or not in the vicinity.  
  • Lock office or doors for areas where high risk information is kept or stored, even if drawers and file cabinets have been locked.
  • Do dispose of high risk documents with a secure shredding service- do not place them in regular trash/recycle bins.  

Protect information while faxing/printing

  • Don't leave high risk information on the fax machine, printer, scanner - make arrangements retrieve documents as soon as they are printed.
  • Do make arrangements directly with the recipient when faxing high risk information to ensure they receive the fax as soon as possible
  • Do use a cover sheet with a label indicating high risk and the intended recipient

Restrict Access to Systems and Facilities Containing Medium or High Risk Information

  • "Piggybacking" and "Tailgating" with regards to physical security involves following an authorized person into a restricted area without presenting your own credentials for separate verification.  Be aware of who follows you into secure areas.  
  • Card Services
  • Card Access FAQ

Store System Hardware in a Data Center

See Also

Have Questions or Still Need Help?

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

December 18, 2019

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
infoprotect infoprotect Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki