|(a) The institution of higher education head or his or her designated representative(s) shall document and manage physical access to mission critical information resources facilities to ensure the protection of information resources from unlawful or unauthorized access, use, modification or destruction. (b) The institution of higher education head or designated representative(s) shall reviews physical security measures for information resources at least annually as part of the risk assessment process. (c) Information resources shall be protected from environmental hazards. Designated employees shall be trained to monitor environmental control procedures and equipment and shall be trained in desired response in case of emergencies or equipment problems. (d) Written emergency procedures shall be developed, updated, and tested at least annually. (e) Institutions of higher education will refer to the State Office of Risk Management for applicable rules and guidelines.