DataCentre Access Policies & Procedures

Transcription

1 DataCentre Access Policies & Procedures

2 Contents Purpose... 3 Overview... 3 DataCentre Access... 3 DataCentre Access Levels... 4 Periodic Review & Termination of Access... 5 DataCentre Access Log... 5 DataCentre Etiquette Rules... 5 Ownership of Equipment... 5 Appendix A: DataCentre Access Agreement... 6 Appendix B: DataCentre Unescorted Access Request Procedure... 7 Appendix C: DataCentre Escorted Access Request Procedure... 7 Appendix D: DataCentre Approved Vendor Access Procedure... 7 Appendix E: DataCentre Etiquette

3 Purpose The ICONZ-Webvisions DataCentres provide stable environments, enhanced security, alarms, uninterrupted power (UPS and generators), high-speed network connectivity, 24x7 Operator coverage and other features required by the mission-critical resources they contain. The policies and procedures described in this document have been developed to maintain a secure, safe environment and must be followed by individuals working in or visiting the DataCentres. All individuals requesting access or maintaining servers in the DataCentre must understand and agree to these procedures. Overview The ICONZ-Webvisions DataCentres contain ICONZ-Webvisions and ICONZ-Webvisions Customers computing and networking resources. Access is controlled to protect both the physical resources and the data from unauthorised use, accidental or malicious damage and theft. Access to the DataCentres will only be granted when a legitimate business need is demonstrated. This access policy and procedure document specifies the criteria for granting access to specific individuals or groups. Failure to follow these policies is considered grounds for dismissal and/or prosecution. Failure of a vendor, consultant, or contractor to follow these policies is grounds for termination of agreements and subsequent legal action. Any questions regarding policies and procedures should be addressed to the ICONZ-Webvisions Cloud Platform & Engineering Manager. This DataCentre Access Policy may be suspended in the event of an emergency that requires access for medical, fire, or police personnel. ICONZ-Webvisions shall give not less than 10 Business Days notice of any changes to its access policies and procedures. DataCentre Access Unescorted electronic swipe access and escorted unsupervised 24x7 access to the DataCentres will only be given to individuals with an approved and demonstrated business need to access the DataCentres on a regular basis, those individuals requiring infrequent access will be granted escorted and/or supervised access as needed. Individuals with Unescorted Access may escort and supervise unauthorised individuals provided all individuals are signed in and out at reception. Electronic swipe keys belonging to authorised individuals may not be loaned to unauthorised individuals; such action is grounds for disciplinary or legal action. Any employee or vendor that forgets or misplaces their electronic swipe key will be restricted to Escorted Access to the DataCentres until their electronic swipe key is replaced. Violations of the agreement may result in removal of access. Individuals that violate the policies and have their access removed may face additional disciplinary or legal actions, pending review by the ICONZ-Webvisions Cloud Platform & Engineering Manager. 3

4 DataCentre Access Levels Definitions Unescorted Access Status Authorised to enter the DataCentres unescorted 24/7 and is provided with an electronic swipe key with access to DataCentre floors and biometric scanner access for DataCentre doors. Escorted Access Status Authorised to enter the DataCentres escorted 24/7. Access to the DataCentres will be provided by an individual with Unescorted Access, however individuals with Escorted Access are authorised to remain in the DataCentre unsupervised once access has been granted. Levels of Access A. Employee Employees that work inside the DataCentre or have been granted the access based on their job requirements will have Unescorted Access to the DataCentre. Electronic swipe keys must be visible at all times when in the DataCentre. Please see Appendix B: DataCentre Unescorted Access Procedure on page 7 for more information. B. Customer Approved employees or contractors of ICONZ-Webvisions Customers who purchase Colocation services will be given Escorted Access to their rack/s in the DataCentre in order to install/de-install equipment, perform regular scheduled maintenance and repair work and have general access to their colocated equipment. Unescorted Access may be given temporarily at times to perform specific work such as equipment migration from one floor to another. Please see Appendix C: DataCentre Escorted Access Procedure on page 7 for more information. C. Vendor Approved ICONZ-Webvisions Vendors will be given Unescorted Access to the DataCentre in order to perform regular scheduled maintenance or repair work. All other ICONZ-Webvisions Vendors will be granted Escorted Access or alternatively Unescorted Access may be given temporarily at times to perform specific work. Please see Appendix D: DataCentre Approved Vendor Access Procedure on page 7 for information about vendor access. D. DataCentre Tours DataCentre tours must be pre-approved by the Engineering Team Leader and occur during normal business hours (Monday Friday 9:00am 5:00pm). All visitors must sign in and out at reception and be accompanied by an ICONZ-Webvisions employee while touring the DataCentres. 4

5 Periodic Review & Termination of Access The Engineering Team Leader will review the electronic swipe key access list every 90 days and will remove any individuals who no longer have a legitimate business need to access the DataCentres. As part of the employee exit procedure the Engineering Team are notified when employees leave ICONZ-Webvisions. The relevant Department Manager will request the immediate removal of access rights if the employee has DataCentre access. Customers must advise ICONZ-Webvisions when an approved employee or contractor is no longer in their employ or they no longer wish for that employee or contractor to have access to their equipment colocated in the DataCentre. DataCentre Access Log The Access log for the DataCentre must be maintained at all times by the ICONZ-Webvisions Customer Care Team. The log is kept online in the ICONZ-Webvisions CRM system and each entry includes Full Name, Date and Time details. All individuals with Escorted Access status entering the DataCentre must present their ICONZ-Webvisions photo ID Tag or another form of approved photo identification, such as Drivers License or Passport. All other unauthorised individuals must sign in and out at reception as they enter and exit for audit purposes. DataCentre Etiquette Rules It is mandatory that all people working within the DataCentre adhere to the posted rules of etiquette. This will insure DataCentre safety and efficiency. Please see Appendix E: DataCentre Etiquette on page 7 for more information. Ownership of Equipment ICONZ-Webvisions acknowledges that it has and gains no rights (legal or equitable) over any Customers equipment, servers or systems colocated in the DataCentre subject to the Customers Service Agreement. No dispute, breach or termination of the Service Agreement will be grounds for denying the Customer and/or its agent s access to the Customers equipment and the removal of such equipment. Where ICONZ-Webvisions has removed the Customers Escorted Access Status, an ICONZ-Webvisions employee will accompany and supervise the Customer s employee/s or contractor/s in order to provide access to the Customers equipment. 5

6 Appendix A: DataCentre Access Agreement Company Name Applicant Name Job Title Applicant Phone Applicant Physical Address (used to courier ID Tag) Justification for Access Those granted DataCentre access must abide by the following rules: 1. An individual that has Unescorted Access MUST formally sign in and out ALL visitors that are accompanying them into the DataCentre. 2. Individuals with access privilege must abide by all policies and procedures as described in the ICONZ-Webvisions DataCentre Access Policies and Procedures document. 3. Violating these rules can result in DataCentre access being revoked and/or disciplinary or legal action. 4. Read and abide all DataCentre access policies and procedures. I fully understand and agree to these rules. I also agree to provide my full cooperation during any investigation concerning a security matter, which might have occurred in the DataCentre during a time when my presence in the facility has been recorded. Abuse of this access privilege and/or non-compliance with this agreement may result in removal of access and/or disciplinary or legal action. Applicant s Signature ICONZ-Webvisions Authorising Manager Signature Date Date Access Level Unescorted Access Escorted Access INTERNAL USE ONLY Date Photo Taken (Y/N) Photo Serial Number Floor # Rack # Access Level (e.g. 24/7) Barcode # Entered in CRM (Y/N) 6

7 Appendix B: DataCentre Unescorted Access Request Procedure 1. Each employee requesting Unescorted Access to the DataCentres must complete a DataCentre Access Agreement form. 2. The Cloud Platform & Engineering Manager must sign the Access Agreement form before access can be granted. 3. All submitted DataCentre Access Agreement forms will be filed online in Sharepoint. 4. The electronic swipe key will then be authorised for access to the DataCentres and the employee will be setup with biometric access on their first entry to the DataCentres. Appendix C: DataCentre Escorted Access Request Procedure 1. The request to add an authorised person must come in writing from an existing authorised person or alternatively an authorised signatory for the company e.g. Director, Owner, General Manager, CTO, CEO 2. Each Customer employee or contractor requesting Escorted Access to the DataCentres must complete a DataCentre Access Agreement form and have their photo taken hours notice is required to process applications for DataCentre Access. 4. The Operations Manager must sign the Access Agreement form before access can be granted. 5. All submitted DataCentre Access Agreement forms will be filed online in Sharepoint. 6. The CRM record will be created and photo ID Tag will then be provided for Escorted Access to the DataCentres. Appendix D: DataCentre Approved Vendor Access Procedure 1. Each individual vendor requesting Unescorted Access to the DataCentres must complete the DataCentre Access Agreement Form. 2. The Cloud Platform & Engineering Manager must sign the Access Agreement form before access can be granted. 3. All submitted DataCentre Access Agreement forms will be filed online in Sharepoint. 4. In the event that the request is denied, the vendor and sponsoring ICONZ-Webvisions department will be informed by If Unescorted Access is approved, the electronic swipe key will then be authorised for access to the DataCentres and the vendor will be setup with biometric access on their first entry to the DataCentres. Appendix E: DataCentre Etiquette 1. All work areas must be kept clean and free of debris. Staff performing work in the DataCentres must ensure that they have left the areas as clean as they were before beginning their work. 2. To reduce fire hazards rack enclosures must be kept neat and free of manuals, media, boxes and unused equipment. Rack enclosures are not storage cabinets and must only be used for functioning equipment. 3. Doors on all racks should remain closed at all times except during maintenance. 4. Cables should never be strung outside of rack enclosures. 5. Under no circumstances should any Customer or a Customer s Contractor: a. Lift floor tiles without prior knowledge, consent, and oversight of ICONZ-Webvisions staff. b. Tamper with or interfere with the normal function of the Transformers or Power Distribution Units (PDU). c. Tamper with or interfere with the normal function of the Air Conditioning units. d. Plug any device into another rack s power supply. e. Remove any cables or power connections from equipment other than their own. 6. The Cloud Platform & Engineering Manager should be contacted immediately if any customer or vendor requests access to the DataCentre plant room, infrastructure and/or environmental systems. 7

8 7. Suspicious activity or access and/or broken or faulty equipment must be reported to ICONZ-Webvisions staff immediately. 8. If there is a fire or the fire alarm sounds, staff performing work in the DataCentres must exit following the exit signs via the stairs immediately to the assembly point on Airedale Street. As part of our fire exit policy we do not actively check the DataCentre floors for visitors. 9. Under no circumstance should any food and beverages of any kind be within the DataCentre. 8