Description

The University schedules, performs, documents, and reviews records of routine preventative and regular maintenance (including repairs), or software patching on the components of the information resource in accordance with manufacturer or vendor specifications and/or university and unit requirements.

Applicability

  • The owner of an information resource, or designee, is responsible for implementing this Control.

Implementation

  • 1

    It is the responsibility of the information resource owner, or designee to:

    • 1.1

      Schedule, perform, document, and review records of maintenance, repairs, or software patching on information resources in accordance with manufacturer or vendor specifications and/or university or unit requirements;

    • 1.2

      Approve and monitor all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location;

    • 1.3

      Explicitly approve the removal of the information resources or components from university facilities for off-site maintenance or repairs;

    • 1.4

      Sanitize equipment to remove all Critical, Confidential, or University-Internal data from associated media prior to removal from university facilities for off-site maintenance, repairs, or surplus;

    • 1.5

      Check all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and

    • 1.6

      Document in maintenance records, or change control.