Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
U of T Information Security
Information Security Handbook
Information Security Handbook
Results will update as you type.
  • Getting started
  • Strategies
  • How-tos
    • Back up data
    • Baselines and configurations
    • Classify data
    • Computing or storage environment for research
    • Cyber security alerts and advisories
    • Data collection and survey management
    • Data integrity
    • Delete or destroy data and devices
    • Encrypt data and devices
    • Passwords, passphrases and passkeys
    • Physically secure data and devices
    • Remote interviews
    • Report a security event or incident
    • Safe web browsing
    • Security awareness training
    • Send, share or transfer data
    • Synchronize system's time with a U of T time server
    • Travel or work remotely
    • Updates and patching
    • Virtual private networks (VPN)
    • Virus and malware protection
    You‘re viewing this with anonymous access, so some content might be blocked.
    /
    Physically secure data and devices
    Updated May 02, 2024

      Physically secure data and devices

      Purpose

      Physical access to unsecured systems, devices, and notes can lead to data loss or theft of intellectual property and valuable equipment. 

      Audience

      faculty researchers Admin staff IT staff students

      On this page

      • 1 Initial considerations
        • 1.1 Encrypt your data and/or devices.
        • 1.2 Establish a resilient backup strategy and back up your data.
      • 2 What can I do?
        • 2.1 Store hard copy data and portable devices in a secure environment.
          • 2.1.1 For researchers
        • 2.2 Keep an inventory of all devices, information, and services related to your work or project.
        • 2.3 Don’t allow unauthorized people to use or borrow your devices.
        • 2.4 Securely delete all data from a device before surrendering or disposing of it.
        • 2.5 Take additional precautions should be taken while travelling.

      Initial considerations

      Encrypt your data and/or devices.

      • Encrypting your data provides an extra layer of protection in case the physical device is lost or stolen.

        • Encrypt data and devicesPreview

      Establish a resilient backup strategy and back up your data.

      • Should your physical device be lost or stolen, it is important that you have the necessary backups to recover from.

        • Back up dataPreview

      What can I do?

      Store hard copy data and portable devices in a secure environment.

      • It is recommended you use a "double-locked" solution, meaning a private office/workspace with lockup capabilities (filing cabinet, safe, etc.) 

      • Do not leave devices unattended in open spaces, regardless of how quickly you might return. Consider using a cut- and drill-proof locking cable to prevent grab-and-run incidents. 

      • Do not leave devices unattended in visible, but private spaces like near office windows or visible from a car window to prevent break-ins and theft. 

      For researchers

      • Be sure to consult with the following documentation published by the Human Research Ethics Unit.

        • https://research.utoronto.ca/data-security-standards-personally-identifiable-other-confidential-data-research

      Keep an inventory of all devices, information, and services related to your work or project.

      • Asset management; data and devicesPreview

      • Establish a log or check-in/out system for when portable devices and hard copy data are used by a team member.

      Don’t allow unauthorized people to use or borrow your devices.

      • Allowing someone to use or borrow your device could provide them access to locally stored data.

      Securely delete all data from a device before surrendering or disposing of it.

      • Delete or destroy data and devicesPreview

      Take additional precautions should be taken while travelling.

      • Travel or work remotelyPreview

      Search

      How do I...

      Additional help

      General

      Contact us | Information Security (IS)Preview

      Contact us | Information Technology (IT)Preview

      Researchers

      Research Information Security - Information Security at University of Toronto

      Related articles

      • Page:
        Remote interviews
      • Page:
        Report a security event or incident
      • Page:
        Virtual private networks (VPN)
      • Page:
        Cyber security alerts and advisories
      • Page:
        Updates and patching
      • Page:
        Asset management; data and devices
      • Page:
        Travel or work remotely
      • Page:
        Send, share or transfer data
      • Page:
        Best practices to secure systems and environments
      • Page:
        Encrypt data and devices
      • Page:
        Baselines and configurations
      • Page:
        Naming conventions

       

       

       

      {"serverDuration": 61, "requestCorrelationId": "f2cebc27ce4f421b80cd2612273f5d4b"}