04:12:01 Sensitive Equipment Policy
- Introduction: Definition of Sensitive Equipment
- Sensitive equipment at Chattanooga State is defined as any item with a value over $1,500 but less than $5000 and fitting into one of the following categories:
- All computers, no matter the cost.
- LCD projectors, overhead projectors, TV's, copiers, printers, digital cameras, video cameras, 35 mm cameras, hand-held electronic devices, and fax machines.
- Any office, classroom, and/or lab equipment that should be placed on the College inventory, as decided by the department supervisor, that does not fit into either category A.1.a or A.1.b.
- Accountability and Inventory Process
- When purchasing sensitive equipment, use the following two account codes for the categories listed above:
A.1.b and A.1.c
- By using these two account codes (74595 and 74596) the equipment will be placed on the College's inventory maintained by the Technology division. These items will be tagged by the Technology division if they fall within the requirements of Category A.1.a or Business Office if within the requirements of Category A.1.b and A.1.c. All equipment purchased with TAF funds will be tagged with special tags to identify them for student use only.
- When accepting a donation of sensitive equipment, obtain an appropriate letter of donation and then request in writing that the Business Office place the item(s) on the College equipment inventory.
- Protection of Sensitive Equipment
- It is the responsibility of each Department to ensure the safe keeping of all equipment and supplies purchased with College funds or donated to the College. This means that department supervisors should hold department personnel accountable for the discharge of their duties in safe keeping sensitive equipment. Therefore, each Department should have procedures for securing and maintaining sensitive equipment. Computer equipment and sensitive data controls must comply with all college policies and procedures.
- Process for Reporting Missing Sensitive Equipment
- Category A.1.a: For reporting any missing item of sensitive equipment in category A.1.a, please follow the Information Technology Security Incident Response (ITSIR) policy in addition to filing a report with Security. The report must be made the same day the item is discovered missing. If the missing item contains Personally Identifiable Information (PII) as defined by FERPA, a report must be filed immediately in accordance with the ITSIR policy. Concerning the protection of PII data, the following information is taken from the College's Data Security policy:
- All data required by law to be protected from nondisclosure, unauthorized use, modification, or destruction under FERPA's designation of Personally Identifiable Information (PII) shall be protected from unauthorized use, modification or destruction.
- Users of mobile computing platforms, including but not limited to laptops, handheld devices, and portable storage media, shall take every precaution to protect such platforms from theft.
- Only when it is absolutely necessary to perform specific job related duties shall computing platforms, mobile or stationary, store PII. In all cases, PII assets must have approval from the asset custodian for such storage and shall be encrypted while stored on mobile and stationary computing platforms/devices. With Banner 'A' numbers being used as personal identifiers, computing platforms should not contain social security numbers. If an application requires the use of social security numbers, it must be identified in the risk assessment process and appropriate controls put in place. Losses of institutional assets or other IT resources must be reported immediately in accordance with the College's Information Technology Security Incident Response (ITSIR) policy.
- Category A.1.b or A.1.c: For reporting any missing item of sensitive equipment in Category A.1.b or A.1.c, must be reported the day that the item is noticed missing to Security and if required, complete a Property Loss Report as defined in TBR Guideline B-080. The information items needed to complete a security report are: 1) last time it was seen or inventoried, 2) description including serial number, and 3) value.
Submitted to Policy Review Committee on February 10, 2020
Submitted to Policy Review Board on March 6, 2020
Approved by Policy Review Board on April 8, 2020
See Previous Version(s):
Approved: Executive Staff, 05/20/09
Approved: President's Cabinet, 05/20/09
Approved: President, 05/20/09
Reviewed: Business and Finance, January 28, 2009