Policy 10:17 – Physical Security Standards


Policy Contact: Office of Safety and Security


  1. Purpose

    The purpose of this policy is to increase safety and to secure access to University facilities and sensitive areas and information to authorized individuals only, and to establish consistent standards for physical security across the University.

  2. Definitions
    1. Access Control Device/Credential: a mechanical or electronic device or credential used to gain access to University facilities.
    2. Controlled/Restricted Area: any space with heightened security needs due to sensitive data, high-value assets, hazardous materials, or specific functional requirements (e.g., data centers, research labs, residential rooms).
    3. Facilities and Grounds: includes buildings, structures, internal streets and sidewalks, parking facilities, athletic facilities, landscaping and grounds owned or occupied by the University, but excludes municipal streets or sidewalks or public highways or rights of way that abut or traverse the campus.
    4. Physical Security: a comprehensive risk-based approach to protecting people, physical assets, and data.
  3. Policy
    1. The University employs a layered security approach, including building standards, Access Control Devices/Credentials, video surveillance, lighting, emergency plans, and other strategies.
    2. All members of the University community have a shared responsibility for promoting safety, as well as the security of University Facilities and Grounds. Each academic or business unit is responsible for applying and following security controls, systems, and procedures that align with this policy to ensure their Facilities and Grounds are safe and secure.
    3. Subject to lawful directives from the University President, Emergency Management Team, or their designees, a Physical Security Committee consisting of designees from the University Police Department, Emergency Management, Information Technology, and Facilities and Services will develop, review, maintain, and update physical security standards for University Facilities and Grounds. Other subject matter experts will be invited to participate in the committee temporarily as needed.
    4. The Physical Security Committee is responsible for reviewing requests pursuant to this policy and requests for deviations from standards and this policy, consistent with other policies, in a non-discriminatory manner that does not violate privacy requirements.
    5. Physical security and access levels at the University will be tiered based on risk assessments. The Physical Security Committee and the University’s Emergency Management Team will review the tiered risk matrix on a biennial basis to determine if any access levels need to be modified. Vulnerability assessments will include, but not be limited to, reviewing human safety, high-value asset protection, and confidentiality requirements.
    6. Security controls must be in place to prevent unauthorized access to any Controlled/Restricted Area. These controls must include:
      1. Defined physical security perimeters with boundaries appropriate to the sensitivity of the space;
      2. Physical entry controls to ensure that only authorized individuals are allowed access;
      3. Physical design, security, and/or surveillance systems for offices, rooms, and Facilities, which follow facility planning and design standards;
      4. Physical protection designed and implemented to protect against natural disasters, accidents, or malicious attacks; and
      5. Procedures designed and implemented for working effectively in the Controlled/Restricted Area.
      6. Certain units may be subject to additional regulatory, legal, or professional standards. Physical security measures in those areas will be implemented in coordination with those requirements.
    7. Video Surveillance
      1. Video surveillance systems are used to monitor campus activities, deter crime, and aid investigations, with privacy considerations in place.
      2. Placement, use, and maintenance of video surveillance systems are subject to University Policy 10:6.
    8. Building Hours
      1. Standard building hours for Facilities and Grounds at the University are established by the Physical Security Committee. Hours vary depending on the access level and are determined based on a risk-based access matrix and the Building Access Standards, as developed and maintained by the Physical Security Committee. Access levels include:
        1. Public Access (Open): Doors are unlocked; public entry is permitted. Not all University buildings have public access hours.
        2. Restricted Access (Card Access Only): Doors are locked; access requires a valid Access Control Device/Credential.
        3. Secure (Closed): All doors are locked; access is limited to essential personnel, as defined in University Policy 10:7, and University police.
      2. All University Facilities and Grounds must remain secure, and access must be restricted to authorized individuals outside of public access building hours, on weekends, and when the University is closed. Use of University Facilities and Grounds by private parties is governed by University Policy 6:7.
      3. The University Police Department may provide access to authorized individuals who are temporarily without access to a particular space after confirming the individual has authorization to access that space or when emergency access is required.
    9. Door Locks and Access
      1. All external building doors and doors to restricted areas must have locking mechanisms.
      2. The issuance of Access Control Devices/Credentials will be systematic, needs-based, and in accordance with this policy and other associated University policies.
      3. The Physical Security Committee reviews requests for deviations from the Building Access Standards, contacts individuals to gather appropriate facts and assess risks, and reviews against the risk matrix for access control considering vulnerabilities and operational issues.
      4. Upon determination of proper door control and access standards, the Committee will forward the determination to the responsible offices for use in deploying.
      5. Door access is governed by University Policy 5:19.
    10. Facilities Design and Planning
      1. Physical security standards will be reviewed and applied in all Facility planning and design, improvements, and renovations.
    11. Department Responsibilities
      1. University unit designees must conduct regular audits of access lists to ensure permissions are current and warranted.
      2. Departments are responsible for managing contractors/vendors accessing their area and ensuring appropriate check-in procedures are followed.
    12. The Physical Security Committee is responsible for the effective operation and implementation of this policy and procedures, administration and maintenance of the security systems, and for compliance with this policy, operating procedures, design and construction standards, and all associated laws and regulations.
    13. Any violation of this policy may result in the loss of access privileges and potential disciplinary action, up to and including termination of employment or expulsion, as well as potential civil or criminal penalties. The University reserves the right to limit or revoke access at any time.
  4. Procedures
    1. Departments will develop and maintain procedures to prevent unauthorized access, including to any Controlled/Restricted Area.
    2. Department heads/directors will submit any requested deviations from the Building Access Standards to the Physical Security Committee. The Physical Security Committee will review such deviations and determine whether to approve or disapprove the deviations and then contact the department head/director with the decision.
    3. Decisions of the Physical Security Committee may be appealed in writing to the Chair of the University's Emergency Management Team within ten (10) days of notification of such decision. The Emergency Management Team Chair's decision will be final and not subject to appeal.
  5. Responsible Administrator

    The Vice President and General Counsel, or designee, is responsible for review of this policy and its procedures. The University President is responsible for approval of this policy.


Approved by President on 04/16/2026.

Sources: University Policies 5:19, 6:7, 10:6, and 10:7