Data Center Access Policies and Procedures

Version 2.0
Tuesday, April 6, 2010

Table of Contents

UITS Data Center Access Policies and Procedures
Introduction
Overview
Data Center Access
Data Center Access - Levels of Access
Periodic Review and Termination of Access
Data Center Access Log
Access Exception Reporting
Appendix A: Data Center Access Agreement
Appendix B: Data Center Unescorted Access Request Procedure
Appendix C: Data Center Etiquette
Appendix D: Data Center Approved Vendor Access Procedure

UITS Data Center Access Policies and Procedures

Introduction

The UITS Data Centers provide stable environments, enhanced security, fire suppression equipment and alarms, uninterrupted power (UPS and generators), high-speed network connectivity, 24x7 Operator coverage and other features required by the mission-critical resources they contain. The policies and procedures described in this document have been developed to maintain a secure, safe environment and must be followed by individuals working in or visiting the Data Centers. All individuals requesting access or maintaining servers in the Data Center must understand and agree to these procedures.

Overview

The UITS Data Centers contain the University of Arizona's enterprise computing and networking resources. Access is controlled to protect both the physical resources and the enterprise data from unauthorized use, accidental or malicious damage and theft. Access to the Data Centers will only be granted when a legitimate business need is demonstrated. This access policy and procedure document specifies the criteria for granting access to specific individuals or groups.

Failure to follow these policies is considered grounds for dismissal and/or prosecution. Failure of a vendor, consultant, or contractor to follow these policies is grounds for termination of agreements and subsequent legal action.

Any questions regarding policies and procedures should be addressed to the UITS Infrastructure Services Operations Center (ISOC) Assistant Director.

This Data Center Access Policy may be suspended in the event of an emergency that requires access for medical, fire, or police personnel.

Data Center Access

CatCard swipe access and unsupervised 24x7 access to the Data Centers will only be given to individuals with an approved and demonstrated business need to access the Data Centers on a regular basis. Those individuals requiring infrequent access will be granted escorted access as needed.

Individuals with unescorted access may escort and supervise unauthorized individuals provided all individuals are logged on entry and exit. CatCards belonging to authorized individuals may not be loaned to unauthorized individuals; such action is grounds for disciplinary action.

There are no temporary or 'blank' access cards available. Any employee or vendor that forgets or misplaces their CatCard will be restricted to escorted access to the Data Centers until their CatCard is replaced.

Violations of the agreement can result in removal of access. Individuals that violate the policies and are removed from the list may face additional disciplinary actions, pending review by the responsible ISOC Assistant Director.

Data Center Access - Levels of Access

A. Escorted

Individuals that have an infrequent need for Data Center access will be granted Escorted status and will not have CatCard swipe access. Escorted access will be provided primarily during normal business hours. Data Centers that do not have 24x7 Operations coverage will have after-hours escorted access on an emergency or pre-arranged basis only.

Individuals requesting escorted access must be signed in and out in the Data Center access log by a member of the ISOC staff. They are required to provide identification on demand and leave the facility when requested to do so. They must not allow any other person access to the Data Center.

B. Unescorted

Employees that work inside the Data Center and other individuals that have been granted the access based on their job requirements and a demonstrated legitimate business need will have 24/7 access to the Data Center. CatCards must be visible at all times when in the Data Center. Please see Appendix B: Data Center Unescorted Access Procedure for more information.

C. Vendor

Approved vendors with CatCards may be granted unescorted access to the Data Center to perform scheduled maintenance or repair work. Vendors not approved for unescorted access may be granted escorted access. Please see Appendix D: Data Center Approved Vendor Access Procedure for information about vendor access.

D. Data Center Tours

Tours must be pre-approved by the ISOC Assistant Director. All visitors must sign in and out and must be escorted while touring the Data Centers.

E. Maintenance and Custodial Staff

University maintenance and custodial staff will need to be escorted when accessing the Data Centers. All facilities staff must sign the access log upon entering and leaving the Data Center and inform the ISOC staff of any maintenance work. The ISOC staff must enter any maintenance work in the operations log.

F. First Responders

Campus first responders are granted unescorted access. The list of campus first responders is provided to Amer-X by the UAPD.

Periodic Review and Termination of Access

The ISOC Assistant Director will review the access list every 90 days and will remove any individuals who no longer have a legitimate business need to access the Data Centers. The UITS CIO office will review the access list quarterly.

As part of the employee exit procedure, the ISOC staff is notified when employees leave the department. The ISOC Manager will request the immediate removal of access rights if the employee has Data Center access.

Data Center Access Log

The access logs at each Data Center must be maintained at all times by the ISOC staff. All escorted individuals entering the Data Center must sign the log as they enter and exit for audit purposes.

Access Exception Reporting

Any unauthorized access to the Data Center must be logged by the Data Center staff in the daily operations log and must be reported to the on-duty ISOC Manager, who will determine if the incident needs to be reported to the campus police. Attempts to forcibly enter the Data Center must be immediately reported to campus police. The on-duty ISOC Manager must also report the incident in writing to the ISOC Assistant Director.

Data Center Etiquette Rules

It is mandatory that all people working within the Data Center adhere to the posted rules of etiquette. This will ensure Data Center safety and efficiency. Please see Appendix C: Data Center Etiquette for more information.

Appendix A: Data Center Access Agreement

Applicant Name:
Applicant Email:
CatCard #:
Applicant Department:
Office Phone:
Emergency Contact Phone:
Supervisor's Name:
Supervisor's Email:
Justification for Access:
Access Requested: UITS Site 1 Data Center / UITS Site 2 Data Center / Switch Room Data Center

Those granted Data Center access must abide by the following rules:

UA CatCards must be worn visibly at all times.
Individuals must not touch equipment or supplies belonging to other departments.
Access must not be used to allow any unauthorized person into the Data Center.
An individual that has access MUST formally log in and out ALL visitors that are accompanying them into the Data Center.
Individuals with access privilege must abide by all policies and procedures as described in the UITS Data Center Access Policies and Procedures document.
Violating these rules can result in Data Center access being revoked and/or disciplinary action.
Read and abide by all Data Center access policies and procedures.

I fully understand and agree to these rules. I also agree to provide my full cooperation during any investigation concerning a security matter, which might have occurred in the Data Center during a time when my presence in the facility has been recorded. Abuse of this access privilege and/or non-compliance with this agreement may result in removal of access and/or disciplinary action.

Applicant's Signature:                      Date:
Applicant's Supervisor's Name:
Applicant's Supervisor Signature:           Date:
Access Level: Unescorted Access / Vendor Access
IS Assistant Director's Signature:          Date:

Appendix B: Data Center Unescorted Access Request Procedure

1. Each employee requesting unescorted access to the Data Centers must complete a Data Center Access Agreement form.
2. The employee's manager must sign the Access Agreement form before it can be submitted for review.
3. The ISOC Assistant Director will review all access requests. The applicant and their supervisor will be notified of the decision by email.
4. All submitted Data Center Access Agreement forms will be filed in the ISOC office.
5. The employee's CatCard will then be authorized for access to the authorized Data Centers specified in the access request form.
6. If the Access Request form indicates an access request to more than one Data Center, the access requests will be evaluated and authorized separately.
7. An employee's manager may appeal a denial of access via email to the ISOC Assistant Director. The email should include an expanded explanation for the employee access requirements. In the event that the denial is upheld, an appeal can be delivered, in writing, to the Infrastructure Services Senior Director. The decision of the Infrastructure Services Senior Director is final.

Appendix C: Data Center Etiquette

1. All work areas must be kept clean and free of debris. Staff performing work in the Data Centers must ensure that they have left the areas as clean as they were before beginning their work.
2. To reduce fire hazards, rack enclosures must be kept neat and free of manuals, media, boxes and unused equipment. Rack enclosures are not storage cabinets and must only be used for functioning equipment.
3. Doors on all racks should remain closed at all times except during maintenance.
4. Cables should never be strung outside of rack enclosures. Cabling between rack enclosures of adjacent racks is accepted provided sufficient pass-through chassis are in place.
5. Under no circumstances should any customer:
   a. Lift floor tiles without prior knowledge, consent, and oversight of the ISOC staff.
   b. Tamper with or interfere with the normal function of the Transformers or Power Distribution Units (PDU).
   c. Tamper with or interfere with the normal function of the Air Conditioning units.
   d. Plug any device into another cabinet's power supply.
   e. Remove any cables or power connections from equipment other than those covered by your SLA.
6. The Data Center Manager should be contacted immediately if any customer requests access to the Data Center machine room infrastructure and/or environmental systems.
7. Under no circumstance should any food and beverages of any kind be within the raised floor area of the Data Center. Food and beverages must only be consumed in the break room or the Operations Center. Beverages and other consumables may only be transported to and from the break room in spill-proof containers.

Appendix D: Data Center Approved Vendor Access Procedure

Note: A Departmental Sponsored Visitor (DSV) ID must be obtained before a CatCard can be issued. The vendor must request a DSV from the UITS department sponsoring the vendor's access to the Data Center. CatCards can be purchased at the CatCard office in the Student Union at a cost of $25 per card.

1. All members of a vendor's maintenance team granted unescorted access to the Data Center must display the University CatCard that was issued specifically for that individual. Sharing CatCards is strictly prohibited.
2. Each individual vendor requesting unescorted access to the Data Centers must complete the UITS Policies and Procedures Access agreement form. The form must be signed by the Assistant Director of the UITS department sponsoring the vendor.
3. The ISOC Assistant Director will evaluate and authorize the request if there is a legitimate business need. In the event that the request is denied, the vendor and sponsoring UITS department will be informed by email.
4. After approval of the access request, the access agreement form will be filed in the ISOC office and the vendor's CatCard will be authorized for swipe access.