Scribd Logo
Upload

Welcome to Scribd!

  • Data Center Access Policy: I. Purpose

    Uploaded by

    Rob Mar
    5 views3 pages

    Original Title

    20201209_DataCenterPolicy_1.0_1

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    Data Center Access Policy: I. Purpose

    Uploaded by

    Rob Mar

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    DATA CENTER ACCESS POLICY

    ITD Policy Data Center Access Policy

    Document No ITD-POL-0001 Document Version 1.0

    Created by Date Dec 9, 2020

    Remarks Internal/for all employees

    I. Purpose

    The purpose of this policy is to define standards, procedures, and restrictions for accessing Data
    Center.

    The overriding goal of this policy is to reduce operating risk. Data Center Access Policy will:

    A. Regulate human traffic into the facility which tends to open up security vulnerabilities or
    cause infrastructure outages.
    B. Protect corporate data, networks, and databases from unauthorized use and/or malicious
    attack.

    Therefore, all access to data centers owned by must be controlled, monitored, and conducted in a
    manner that adheres to company-defined processes for doing so.

    II. Scope

    This policy applies to the data center. Non-sanctioned access, or use of the data center, is strictly
    forbidden.

    III. Responsibilities

    A. The IT Department (ITD) Manager has the overall responsibility for the confidentiality,
    integrity, and availability of corporate data.
    B. ITD personnel are responsible for following all IT policies.
    C. All employees have the responsibility to act in accordance with company policies and
    procedures.

    IV. Policy
    It is the responsibility of any employee who is accessing the data center to protect technology-
    based resources (such as corporate data, computer systems, networks, databases, peripherals,
    cables, signages etc.) from unauthorized use and/or malicious attack that could result in loss of
    information, damage to critical applications and reputational risk. Based on this, the following
    rules must be observed:

    V. Levels of Access

    A. Authorized/ITD access
    1. The data center is physically secured by a door lock and a 24x7 by closed-circuit
    television (CCTV).
    2. All IT personnel will be authorized for access based on job-related needs upon
    completion and approval of the Data Access Form.
    3. IT personnel will accompany/shadow visitors in the data center for all critical
    activities.

    B. Vendor access
    1. All vendors must fill out the Data Center Access Form and will be reviewed by
    the ITD Manager for access based on job-related needs.
    2. Vendors with approved access to the data center are required to identify
    themselves to the ITD Manager/Staff and sign in/out of the data center using the
    Site Access Log.

    C. Visitor/Guest access
    1. In general, casual visits to the data center are not allowed. However, approval of
    a visit may be granted. Visitors must fill out the Data Center Access Form and
    will be reviewed by the ITD Manager.
    2. Visitors are required to sign in/out of the data center using the Site Access Log.
    3. While onsite, visitors must be escorted by an IT personnel at all times.
    4. All visitors will be made aware of this policy. It is the responsibility of the staff
    member accompanying the visitor to ensure their conduct conforms to this policy.

    VI. Conduct in the Data Center


    In order to maintain a secure, safe environment, it is mandatory for all persons working within
    (and visiting) the data center to adhere to the following rules:
    A. Must follow the health protocols at all times (wearing face mask and or face shield,
    hygiene etc) while inside the data center. Any health-related breach will be reported to
    the HR or Admin immediately.
    B. Cameras are not permitted and taking photographs or video is strictly forbidden.
    C. No food or drink is not allowed.
    D. Smoking or vaping is not allowed.
    E. No Hazardous materials are allowed.
    F. No cleaning supplies are allowed in the data center without prior approval.
    G. No cutting, grinding, or whittling of any material (pipes, floor tiles, etc.) can be performed
    inside the data center unless special arrangements have been made.
    H. Staff and visitors must wear identification badges at all times.
    I. All persons are expected to report any security or health and safety incidents to the ITD
    Manager/personnel immediately.
    J. No person shall connect any equipment, network/wireless devices, or monitoring tools
    without permission or specific Change Control authorization.

    VII. Monitoring and Audit

    A. Site Access logs will be monitored by an IT personnel; unauthorized access and access
    which is inconsistent with the reason stated in the Data Center Access Form will be
    investigated and appropriate action taken.

    B. CCTV records will be maintained for 1-3 months.


    C. Site Access logs and Data Center Access requests will be reviewed at least annually.

    VIII. Compliance

    This policy shall be enforced by the IT Manager in coordination with the Human Resource
    Manager. will enforce the use of penalties under existing personnel policies and
    regulations against any user who willfully violates any system security (and
    related policy), as appropriate, to ensure adherence to this policy.

    You might also like