Professional Documents
Culture Documents
I. Purpose
The purpose of this policy is to define standards, procedures, and restrictions for accessing Data
Center.
The overriding goal of this policy is to reduce operating risk. Data Center Access Policy will:
A. Regulate human traffic into the facility which tends to open up security vulnerabilities or
cause infrastructure outages.
B. Protect corporate data, networks, and databases from unauthorized use and/or malicious
attack.
Therefore, all access to data centers owned by must be controlled, monitored, and conducted in a
manner that adheres to company-defined processes for doing so.
II. Scope
This policy applies to the data center. Non-sanctioned access, or use of the data center, is strictly
forbidden.
III. Responsibilities
A. The IT Department (ITD) Manager has the overall responsibility for the confidentiality,
integrity, and availability of corporate data.
B. ITD personnel are responsible for following all IT policies.
C. All employees have the responsibility to act in accordance with company policies and
procedures.
IV. Policy
It is the responsibility of any employee who is accessing the data center to protect technology-
based resources (such as corporate data, computer systems, networks, databases, peripherals,
cables, signages etc.) from unauthorized use and/or malicious attack that could result in loss of
information, damage to critical applications and reputational risk. Based on this, the following
rules must be observed:
V. Levels of Access
A. Authorized/ITD access
1. The data center is physically secured by a door lock and a 24x7 by closed-circuit
television (CCTV).
2. All IT personnel will be authorized for access based on job-related needs upon
completion and approval of the Data Access Form.
3. IT personnel will accompany/shadow visitors in the data center for all critical
activities.
B. Vendor access
1. All vendors must fill out the Data Center Access Form and will be reviewed by
the ITD Manager for access based on job-related needs.
2. Vendors with approved access to the data center are required to identify
themselves to the ITD Manager/Staff and sign in/out of the data center using the
Site Access Log.
C. Visitor/Guest access
1. In general, casual visits to the data center are not allowed. However, approval of
a visit may be granted. Visitors must fill out the Data Center Access Form and
will be reviewed by the ITD Manager.
2. Visitors are required to sign in/out of the data center using the Site Access Log.
3. While onsite, visitors must be escorted by an IT personnel at all times.
4. All visitors will be made aware of this policy. It is the responsibility of the staff
member accompanying the visitor to ensure their conduct conforms to this policy.
A. Site Access logs will be monitored by an IT personnel; unauthorized access and access
which is inconsistent with the reason stated in the Data Center Access Form will be
investigated and appropriate action taken.
VIII. Compliance
This policy shall be enforced by the IT Manager in coordination with the Human Resource
Manager. will enforce the use of penalties under existing personnel policies and
regulations against any user who willfully violates any system security (and
related policy), as appropriate, to ensure adherence to this policy.