
Servers physically protected by separate room, locked

Presented by :
ARJUN JOSHI – 8682364
VENKATA SATYA SURYA NAGA MURALI VADDADI – 8684731
GURJEET KAUR – 8711819
VIVEK RAM REDDY REVOORI – 8731994
BINDU SRUJANA BANDLA – 8700736
Content

▪ Introduction
▪ Importance of Physical Server
▪ Why Policies and Standards are important
▪ Policies for Server Physical Protection
▪ Standards for Server Physical Protection
▪ Compliance of Policy and Standards
▪ Enforcement
Server Room
Introduction to Server Room

▪ A server room is an area set aside within an organization that is devoted to housing data storage servers and computer networking devices. A server room serves as a business hub for operations and IT infrastructure.

▪ The servers and equipment within a server room are usually operated remotely with remote administration software and KVM switches. They are normally housed in racks to keep them secure and organized.
Importance of Physical Server

▪ Physical servers do offer superior performance to virtual servers.

▪ Physical servers offer teams around-the-clock access and immediate control over their computing resources.

▪ Physical servers do present risks when it comes to business continuity and disaster recovery.
Why Policies and Standards are important

Policies provide guidance, consistency, accountability, efficiency, and clarity on how an organization operates.

Policies can also provide guidance for the board on how to handle issues as they arise.

Formal, written policies and procedures improve overall organizational performance by keeping everyone “on the same page” when it comes to expectations and issues.

Consistent policies also help new board members get up to speed quickly on how the organization operates and what’s expected of them as board members.
Policies for Server Physical Protection
▪ Access to server rooms should be controlled by a strong authentication method. Lock combinations should be changed on a regular basis.

▪ Doors to server rooms should be fireproof and secured, and the premises monitored by CCTV or IP cameras 24/7.
Standards for Server Physical Protection-I
▪ Authentication Methods

• Electronic Combination Lock

• Badge Reader

• Fingerprint Reader and Biometric Scanning Devices

▪ Physical lock combinations should be changed on a regular basis.

▪ Credentials of terminated workers should be deactivated.

▪ A hierarchy of access to servers should be maintained.


Standards for Server Physical Protection-II
▪ Door security

• Door access control must be maintained 24/7 and should conform to ISO-27001 standards.

• An electronic access control system should be in place and log all access to secure data center areas.

• Access logs should be maintained for a minimum of one year or longer as specified by site security policy.

• Enforcement of strict policies and sign in/out logs is mandatory.

• Review of procedures and sign in/out logs must be done on a regular basis.

• Secured doors must fail open in a fire emergency.


Compliance To Policies and Standards

▪ Audits will be performed on a regular basis by authorized organizations within the organization.

▪ Audits will be managed by the internal audit group or InfoSec, in accordance with the Audit Policy.

▪ InfoSec will filter findings not related to a specific operational group and then present the findings to the appropriate support staff for remediation or justification.

▪ Every effort will be made to prevent audits from causing operational failures or disruptions.
Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Violations of this policy and standards will be subject to disciplinary action as described in the Information Technology policy, employee conduct, and in accordance with the Server Protection Policy (Ver 1).
Thank you!
