Policy Library 1 Camino Santa MariaSan Antonio, TX 78228 +1-210-436-3011 Policy Library logo William Joseph Chaminade St. Mary's University, Texas
Official policies of St. Mary's University

Data Center Access

Approver(s):

Executive Council

Authorizes release:

Vice President for Information Services

Responsible office:

Information Technology Services

Review cycle:

Annually or as required

Adopted:

Unknown

Last update:

July 2017

Next review:

June 2018

Introduction

The ITS Data Centers provide stable environments, enhanced security, equipment and alarms, uninterrupted power (UPS and generators), high- speed network connectivity, and other features required by the mission-critical resources they contain. The policies and procedures described in this document have been developed to maintain a secure, safe environment and must be followed by individuals working in or visiting the Data Centers. All individuals requesting access or maintaining servers in the Data Center must understand and agree to these procedures. This policy is designed to meet industry standards and align with ITIL methodologies.

Overview

The ITS Data Centers contain the St. Mary’s University’s enterprise computing and networking resources. Access is controlled to protect both: physical resources and enterprise data from unauthorized use, accidental or malicious damage and theft. Access to the Data Centers will only be granted when a legitimate business need is demonstrated. This access policy and procedure document specifies the criteria for granting access to specific individuals or groups. Failure to follow these policies is considered grounds for dismissal and/or prosecution. Failure of a vendor, consultant, or contractor to follow these policies is grounds for termination of agreements and subsequent legal action. Any questions regarding policies and procedures should be addressed to the Director, Systems Support Services. This Data Center Access Policy may be suspended in the event of an emergency that requires access for medical, fire, or police personnel.

Data Center Access

Rattler Card swipe access and unsupervised 24×7 access to the Data Centers will only be given to individuals with an approved and demonstrated business need to access the Data Centers on a regular basis, those individuals requiring infrequent access will be granted escorted access as needed. Individuals with unescorted access may escort and supervise unauthorized individuals provided all individuals are logged on entry and exit. Rattler Cards belonging to authorized individuals may not be loaned to unauthorized individuals; such action is grounds for disciplinary action. There are no temporary or blank access cards available. Any employee that forgets or misplaces their Rattler Card will be restricted to escorted access to the Data Centers until their Rattler Card is replaced.

Violations of the agreement can result in removal of access. Individuals that violate the policies and are removed from the list may face additional disciplinary actions, pending review by the responsible supervisor.

Levels of Access

Escorted

Individuals that have an infrequent need for Data Center access will be granted Escorted status and will not have Rattler Card swipe access. This will include vendors. Escorted access will be provided primarily during normal business hours. After-hours escorted access will be on an emergency or pre-arranged basis only. Individuals requesting escorted access must be signed in and out in the Data Center access log by a member of the ITS staff. They are required to provide identification on demand and leave the facility when requested to do so. They must not allow any other person access to the Data Center.

Unescorted

Employees that work inside the Data Center and other individuals that have been granted the access based on their job requirements and a demonstrated legitimate business need will have 24/7 access to the Data Center. In the event multiple individuals with unescorted data center access enter simultaneously each individual will swipe their Rattler Card prior to entering. This will ensure each entry is logged and available for audit. Please see Appendix B: Data Center Unescorted Access Procedure for more information.

Data Center Tours  

All visitors must sign in and out and must be escorted while touring the Data Centers.

Maintenance and Custodial Staff

University maintenance and custodial staff will need to be escorted when accessing the Data Centers. All facilities staff must sign the access log upon entering and leaving the Data Center.

First Responders

Campus first responders are granted unescorted access.

Periodic Review and Termination of Access

The Director Systems Support will review the access list annually and will remove any individuals who no longer have a legitimate business need to access the Data Centers.

As part of the employee exit procedure the ITS staff is notified when employees leave the department. An ITS Director will request the immediate removal of access rights if the employee has Data Center access.

Data Center Access Log

The Access logs at each Data Center must be maintained at all times by the ITS staff. All escorted individuals entering the Data Center must sign the log as they enter and exit for audit purposes.

Access Exception Reporting

Any unauthorized access to the Data Center must be reported to ITS Management and must be reported to the Director Systems Support who will determine if the incident needs to be reported to the campus police.

Attempts to forcibly enter the Data Center must be immediately reported to campus police.

Any incidents must be documented and stored in the designated location on SharePoint.

©2017. All rights reserved.