Question HLDC-04
Does your organization have physical security controls and policies in place?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to develop and implement a physical security policy.
Answering "YES"
Describe your physical security strategy.
Reason for Question
This question is primarily focused on system(s) integrity. If institutional data is stored in a system that is not physically secured from unauthorized access, the need for compensating controls is often higher. That means that although this question is in the Datacenter section, this question also encompasses office (and other) spaces used by the vendor to conduct operations.
Follow-Up Inquiries
If a weak response is given to this answer, response scrutiny should be increased. Inquire about the size of an organization, how it is physically deployed, and how employees interact with each other and verify each others credibility. Any follow-up question related to physical integrity of institutional data is relevant here.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]