Tagging & Inventory Requirements for Sensitive Equipment Purchases

Campus Purchase Approvers:

In response to CSU Special Audit 1491 – Recommendation 13, this message is to serve as a reminder and directive for compliance regarding the handling of Sensitive Electronic Equipment in accordance with SJSU Standards and CSU Policy.

Sensitive Electronic Equipment is defined as any items which are at high-risk for theft or could be used to store highly secret information.  This definition includes Workstations, Laptops and Tablets capable of storing confidential data, even those under the $5,000 accounting threshold upheld by the SJSU Property Office.

Per ICSUAM8065 and SJSU Standards:

1.      Each department is responsible for both physically securing and maintaining an accurate inventory of all Sensitive Electronic Equipment.  This inventory shall include equipment purchased by or on behalf of individuals within the department as well as through alternative purchasing methods such as ProCard or the Workstation Refresh Program.  Departmental inventories shall include at minimum:  Make, Model, SJSU Tag Number and either location or owner.

2.      Each department shall audit this inventory on an annual basis and produce a list of Sensitive Electronic Equipment for my review as part of the campus Annual Information Security Risk Assessment.  These procedures are for the purpose of prevention of theft/loss and safeguarding confidential data.

Physical tags shall be provided by IT Services to departments upon request.  Please contact the Information Security Office with any questions or to request tags at security@sjsu.edu

Thank You,

Mike Cook
Director, Identity, Security, and Desktop Services
Information Security Officer,  IT Services
San José State University
408.924.1705 (Desk & Cell)
805-674-1884 (Text)