This document provides guidelines for protecting IT equipment and data. Key points include: 1) Equipment such as laptops, PCs, servers and mobile devices should be physically secured and protected from unauthorized access. 2) Portable devices like laptops should never be left unattended and computer screens should not be viewable by unauthorized individuals. 3) Servers and mainframes containing sensitive data must be kept in secure locked areas with controlled physical access.