ITS facility physical security zones that host the secure HIPAA networks
Physical security zones are segregated areas within the facility or location that have differing physical
security requirements. There are three types of physical security zones:
- Public Areas
- Controlled Areas
- Secure Areas
The security requirements of each zone are determined by a risk assessment that is based on:
- The protection and safety of the people and the business operations being performed within the zone,
- The sensitivity of the information assets contained or that are accessible from within the zone, and
- The technology resources located in the zone.
The ITS Department will maintain a floor plan of the ITS facility areas and locations that clearly
identifies the physical security zone assignment of the physical area.
The appropriate physical security controls must be implemented and maintained for each identified
zone.
Physical access by all personnel entering the controlled and secure areas must be controlled by
rights based on the individual’s assigned roles and responsibilities. Access will be limited to only
those areas necessary to perform their duties.
Public areas: Regis Secure HIPAA Networks
Public areas are physical areas designated for conducting routine business and operations with the
University’s users, partners and preferred vendors. Requirements of a public area include:
- Access points into the office are not restricted.
- Everyone has free ingress and egress to the area.
- No escorts are required.
There are no public areas for the facility areas that host the University’s Secure HIPAA Networks.
Controlled areas: Regis Secure HIPAA Networks
Controlled areas are physical areas that have additional physical security controls beyond the
public area requirements that are adjacent to and allow access to the University’s Secure HIPAA
Networks. Requirements of a controlled area include:
- A defined security perimeter that includes security barriers such as physical entry controls that effectively restrict physical access to only authorized personnel on a 24 X 7 basis.
- Physical access must limit access to only those individuals necessary to perform their assigned duties.
- All visitors in a controlled area must follow the log in procedures.
Secure areas: Regis Secure HIPAA Networks
Secure areas are physical areas that have additional physical security controls beyond the secure
area requirements to specifically protect those areas of the facility that host the devices and
systems that comprise the University’s Secure HIPAA Networks. Requirements of a secure area
include:
- A defined security perimeter that includes security barriers and physical entry controls that