This Control applies to facilities that house information resources (e.g. data centers, server rooms or closets) considered high or moderate impact and which require a higher level of security due to the nature of one of the following: ● type of equipment ● type of data the equipment stores Physical access records shall be reviewed as needed by University Unit Heads or their designees.

Unit Heads or designees maintain visitor access logs to the Unit information resource facility for a period based on risk management decisions; and

• 1.1

  Reviews visitor access log records annually, or as required by Federal requirements; and

• 1.2

  Reviews visitor logs in response to a physical security incident.