Chapter 4 – Information Technology

49060.4 Special Site Security Guidelines

• The sites of SCOState Controller’s Office computer equipment shall be kept secure (by means of locking devices, guards, badges or barriers) from unauthorized physical or visual access. The site shall be located in an area restricted from the public and unauthorized employees. Entry shall be monitored during work hours, and restricted areas shall be locked when unattended. Keys shall be distributed on a limited and controlled basis to authorized employees only.

  • Layout plans for equipment shall include the following:

    • Floor Plan

      • The site layout shall include an analysis of employee work areas, the manner in which employees shall enter and exit the office, the location of SCOState Controller’s Office equipment, and the location and type of all locking devices and barriers.

    • Doors

      • Doors shall be solid, locking, full or Dutch-style doors that are accessible only with the correct key or electronic key/badge. Doors shall remain closed and locked at all times.

    • Windows

      • Interior windows shall be frosted or covered completely to eliminate visual access to the terminal screens. Exterior windows on a ground floor shall be frosted, covered, and secured if easily opened.

    • Locks

      • Locks shall be installed on all interior and exterior doors allowing access to the secured area. Acceptable locks include, but are not limited to, the following:

        • Key-controlled locks.

        • Code-controlled locks.

        • Electronic locks.

        • Double-bolting locks Dutch doors.

    • Counters

      • If a counter exists in the secured area, access into the work area shall be controlled and monitored. Records of approved access shall be maintained by the Security Monitor.

    • Changes To Site

      • Any changes to an approved, decentralized site require notification to the Security Monitor.