Data Center Security Procedure

Owned by James Monek, created
Mar 01, 2024
2 min read

Description

The Library and Technology Services organization has established a Data Center Security Procedure to define and secure the two data centers on campus known as EWFM Data Center and Packard Lab Data Center.

Scope

This procedure applies to the Library and Technology Services organization.

Physical Access Controls

Both data centers have the following access controls in place.

  • Badge reader access managed and supported by the Ideal Office

  • Least privilege access model is utilized

  • Access is controlled and reviewed with the Director, TIO, annually. Terminated employees are removed on the last day of work

  • All badge access is logged and can be accessed by request of the Ideal Office by the Director, TIO, Assistant Director, Operations, or the Operations Manager

  • Visitors are required to be signed in by the operations staff

  • Security cameras are deployed in both data centers and recordings are saved for 4 days

Visitor Guidelines

Visitors are allowed in the data center with the following guidelines.

  • Visitors are required to be signed in by the operations staff

  • No photos may be taken in the Network Operations Centers (NOC) or Data Center unless permission is granted by the operations staff

  • No food or drinks are allowed in the data center

Equipment Staging

In order to protect the resources in the data center, the following guidelines must be followed.

  • Equipment must be unpacked or uncrated outside the data center

  • No boxes, cardboard, or other packaging materials can be inside the data center

  • No activities are allowed that creates dust or debris

  • All cutting shall be performed outside the data center

  • Crash carts and server lifts are available

  • Floor tile handling by TIO staff only unless approved by the TIO staff

  • All equipment must adhere to the established LTS security standards

  • Technology infrastructure & Operations staff have the right to temporarily shut down resources that violate security standards, deemed to be infected or a threat to computing resources in the data center

  • All equipment must be labeled appropriately

Related

Detail associated standards and guidances.

Definitions

List any terms used in this standard which need to be defined for the readers understanding

Revision History

Date

Version

Description

Approval

Date

Version

Description

Approval

Oct 26, 2023

1.0

Final Original Document

Approved by Jim Monek, Director, Technology Infrastructure & Operations

Approved - Jim Monek

Oct 23, 2023

1.0

CISO Reviewed

Â