May 28, 2018  
Policies 
    
Policies

Business and Finance (Includes Physical Plant)


Sensitive Equipment Policy
04:12:01 Sensitive Equipment Policy

 

  1. Introduction: Definition of Sensitive Equipment
    1. Sensitive equipment at Chattanooga State is defined as any item less than $5000 in value and fitting into one of the following categories:
      1. All computers.
      2. LCD projectors, overhead projectors, TV's, copiers, printers, digital cameras, video cameras, 35 mm cameras, hand-held electronic devices, and fax machines.
      3. Any office, classroom, and/or lab equipment that should be placed on the College inventory, as decided by the department supervisor, that does not fit into either category A or B.
  2. Accountability and Inventory Process
    1. When purchasing sensitive equipment, use the following two account codes for the categories listed above:
  • Account Code
Category
  • 74595
A
  • 74596
B and C
  1. By using these two account codes (74595 and 74596) the equipment will be placed on the College's inventory maintained by the Business Office and it will be shown on the annual equipment inventory sheets. Any item with a purchase value greater than $5000 is automatically placed on the College's equipment inventory.
  2. When accepting a donation of sensitive equipment, obtain an appropriate letter of donation and then request in writing that the Business Office place the item(s) on the College equipment inventory.
  1. Protection of Sensitive Equipment
    1. It is the responsibility of each Department to ensure the safe keeping of all equipment and supplies purchased with College funds or donated to the College. This means that department supervisors should hold department personnel accountable for the discharge of their duties in safe keeping sensitive equipment. Therefore, each Department should have procedures for securing and maintaining sensitive equipment. Computer equipment and sensitive data controls should conform to all Computer Services and College control policies and procedures.
  2. Process for Reporting Missing Sensitive Equipment
    1. Category A: For reporting any missing item of sensitive equipment in category A, please follow the Information Technology Security Incident Response (ITSIR) policy in addition to filing a report with Security. The report must be made the same day the item is discovered missing. If the missing item contains Personally Identifiable Information (PII) as defined by FERPA, a report must be filed immediately in accordance with the ITSIR policy. Concerning the protection of PII data, the following information is taken from the College's Data Security policy:
      1. All data required by law to be protected from nondisclosure, unauthorized use, modification, or destruction under FERPA's designation of Personally Identifiable Information (PII) shall be protected from unauthorized use, modification or destruction.
      2. Users of mobile computing platforms, including but not limited to laptops, handheld devices, and portable storage media, shall take every precaution to protect such platforms from theft.
      3. Only when it is absolutely necessary to perform specific job related duties shall computing platforms, mobile or stationary, store PII. In all cases, PII assets must have approval from the asset custodian for such storage and shall be encrypted while stored on mobile and stationary computing platforms/devices. With Banner 'A' numbers being used as personal identifiers, computing platforms should not contain social security numbers. If an application requires the use of social security numbers, it must be identified in the risk assessment process and appropriate controls put in place. Losses of institutional assets or other IT resources must be reported immediately in accordance with the College's Information Technology Security Incident Response (ITSIR) policy.
  3. Category B or C: For reporting any missing item of sensitive equipment in Category B or C, please report it within 3 business days to Security and if required, complete a Property Loss Report as defined in TBR Guideline B-080. The information items needed to complete a security report are: 1) last time it was seen or inventoried, 2) description including serial number, and 3) value.


Approved: Executive Staff, 05/20/09
Approved: President's Cabinet, 05/20/09
Approved: President, 05/20/09
Reviewed: Business and Finance, January 28, 2009