CSP - IT Rep - Physical Security

Last updated: March 23, 2023
 
Physical Security  
 

28. Physical Security (Server Rooms)

Are all servers under your control in a secure datacenter?
Secure datacenters are:

  • Core UBC datacenters
  • UBC approved datacenters, e.g. EduCloud, Compute Canada HPC,
  • Other third-party datacenters approved by the CISO
  • Departmentally managed datacenters which meet the essential physical security requirements (see instructions below)
Why is this Essential?

While electronic controls are important, they may become ineffective if the device is physically accessed or removed by an unauthorized party. UBC's and UBC approved datacenters (including third party datacenters) are intended to provide a secure location for operations, , controlled access to equipment and data, protection against environmental threats and support for the availability requirements.

Further, UBC as a public body, we are obligated by the "BC Freedom of Information and Protection of Privacy Act (FIPPA)" and "Policy GA4, Records Management" to implement reasonable and appropriate security arrangements for the protection of Personal Information (in both electronic and paper format). Therefore, servers containing significant quantities of High or Very High Risk Information must be hosted in UBC Datacenters or in third party servers that have an equivalent level of security as prescribed in Information Security Standard M9.

Reference Links​
Physical Security of UBC Datacenters
Security Classification of UBC Electronic Information standard

Instructions​

Please use the checklist (link below) of must have controls for UBC datacenters to evaluate if the departmentally managed Datacenters meet essential physical security requirements.
Physical Datacenter Controls(must have) Checklist


What is Acceptable?

All servers are in a secure datacenter. What is a secure datacenters:
     > UBC datacenter and UBC approved datacenters e.g. EduCloud, Compute Canada HPC
     > or other third-party Datacenters approved by the CISO.
     > Departmentally managed datacenters which meet the essential physical security requirements

Return to CSP Self-Assessment

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacy.matters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning