The University of Sheffield
Corporate Information and Computing Services

Physical Precautions

This page is now outdated. Please see http://www.shef.ac.uk/cics/codeofpractice for the current IT Code of Practice.

All proper precautions should be taken to protect the physical security of equipment and information.
Use of physical security devices (such as clamps to secure computer processor units to desks) is recommended on all system equipment.

Evidence of recently purchased equipment (for example, packing cases) should not be left on view for potential thieves to see.

Sensitive information can often be left in a vulnerable state merely by others gaining physical access. Office doors should be kept locked when the occupant is away and where this does not conflict with safety regulations. Computer display screens and printers should be positioned strategically to avoid accidental disclosure of sensitive material.

A user should always log off from the computer account if leaving the computer unattended for any length of time. A user should also set a password protected screen saver or lock the workstation which will provide security for shorter absences.

As private information is only as secure as the security mechanisms employed on the system on which it is maintained, sensitive, and particularly clinical data, should where possible be maintained on a secure stand alone machine. When sensitive information is stored on a backup medium, precautions must be taken to ensure the storage is secure. Particular care should be taken to ensure physical security.

If sensitive information is processed off-campus, the same stringent procedures must be applied as on-campus. Machine access should be restricted and secure.

When transporting or transferring information, the information on separate media (eg floppy disk, tape, zip disk, etc) should where possible be kept away from the hardware, to reduce the risk of theft. Hardware or media should not be left unattended when travelling; portable computers should be carried as hand luggage.

Access to sensitive information should be strictly controlled when temporary staff or students are employed. Students should not have access to information stored about other students.