Department of Information Technology



Similar documents
Data Centers and Mission Critical Facilities Access and Physical Security Procedures

2.09 Key and Card Access Systems Approved by Executive Committee: 8/17/04

Data Centre & Facilities Access Procedures

The County of San Bernardino Department of Behavioral Health. Facility Physical Security and Access Control Pr

DFA EXTERNAL AGENCY POLICY AND FORMS FOR ACCESS CONTROL

Data Center Access Policies and Procedures

Security, Access Management and Key Control Policy and Procedures

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Network Service Policy

DataCentre Access Policies & Procedures

CHARLOTTE SCHOOL of LAW IDENTIFICATION BADGE POLICY

C-TPAT Self-Assessment - Manufacturing & Warehousing

NEWTON ISD TIME CLOCK POLICY AND GUIDELINES

Customer Guide to the DATAONE Datacenter

Importers must have written and verifiable processes for the selection of business partners including manufacturers, product suppliers and vendors.

NOAA HSPD-12 PIV-II Implementation October 23, Who is responsible for implementation of HSPD-12 PIV-II?

Customs & Trade Partnership Against Terrorism (C TPAT)

UNIVERSITY OF MASSACHUSETTS RECORD MANAGEMENT, RETENTION AND DISPOSITION POLICY

Direct Business & Direct Business Plus Internet Banking

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

Colocation Center Policies & Procedures

ONLINE BANKING DISCLOSURE/AGREEMENT

STATE SUPPORT FUNCTION ANNEX 2 COMMUNICATIONS

New River Community College. Information Technology Policy and Procedure Manual

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Montgomery I.S.D Payroll Procedures Manual

Data Center Operational Policy

Business Continuity and Disaster Recovery Plan

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Background Investigations and Reference Checks

BILL PAYMENT SERVICES AGREEMENT TERMS AND CONDITIONS

Introduction to Security Awareness Briefing. Office of NOAA

UMB Discover Cardholder Agreement

Overview of Business Continuity Planning Sally Meglathery Payoff

AN ORDINANCE GOVERNING RANDOLPH COUNTY COURTHOUSE SECURITY AND BUILDING PROCEDURES

UNCLASSIFIED UNCONTROLLED-IF-PRINTED. Public

REQUEST FOR PROPOSAL FOR: Fire and Security Alarm Service and Monitoring

Mt. San Antonio College Campus Emergency Response and Evacuation Plan

REVIEW OF NRC S SEPARATION-CLEARANCE PROCESS FOR EXITING STAFF AND CONTRACTORS. OIG/99A-06 July 20, 1999

State of Vermont. Physical Security for Computer Protection Policy

ST. CLOUD STATE UNIVERSITY INSTALLATION AND USE OF VIDEO SURVEILLANCE EQUIPMENT PROCEDURE. Purpose

Physical Protection Policy Sample (Required Written Policy)

CAMPUS KEY POLICY. Gerry, Bomotti, Senior Vice President for Finance and Business

Louisiana State University Information Technology Services (ITS) Frey Computing Services Center Data Center Policy

DEPARTMENTAL DIRECTIVE

FLORIDA HIGHWAY PATROL POLICY MANUAL

ARTICLE 5. ALARM DEVICES AND SYSTEMS

Intermec Security Letter of Agreement

Chapter 9.16 EMERGENCY ALARMS

Policy Title-Aquia Data Center Operational Policy & Procedure. Policy ID - TSD-ADC001. Version - Version: 1.0. Supersedes Version 1.

Corporate Internet Banking. Authorization Worksheets

How To Protect A Water System

Service Level Agreement for Database Hosting Services

Managed Security Services Service Level Agreement Current. Managed Security Services SLA

ONLINE BANKING AGREEMENT AND DISCLOSURE

EMERGENCY PROCEDURES

C-TPAT Importer Security Criteria

Records Management Policy

Online Banking Terms and Conditions

ELECTRONIC FUND TRANSFERS AGREEMENT AND DISCLOSURE

ELECTRONIC INFORMATION SECURITY A.R.

CYBER SECURITY POLICY For Managers of Drinking Water Systems

20 AIRPORT SECURITY RULES AND REGULATIONS

DHHS Information Technology (IT) Access Control Standard

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY

AAPT Business Inbound Voice

Security Architecture. Title Disaster Planning Procedures for Information Technology

MOUNT CARMEL HEALTH SYSTEM MEDICAL EDUCATION POLICY/PROCEDURE

Account Management Standards

CONTRACT DATA SHEET SECURITY GUARD SERVICE CONTRACT #: CONTRACT DATES: 2/1/12-12/31/16 WALTER B. LARAUS PHONE: 585/ FAX: 585/

ONLINE BANKING APLICATION

Service Level Agreement: Support Services (Version 3.0)

Security Management Plan

PENN STATE DATA CENTERS POLICY IMPLEMENTATION AND PROCEDURES MANUAL

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

welcome to Telect s Minimum Security Criteria for Customs-Trade Partnership Against Terrorism (C-TPAT) Foreign Manufacturers Training Presentation

Directions Credit Union CUOnline (Online Banking), edocuments and Bill Pay Services Agreement and Disclosures

Information Security. Manual Guideline. Version 3

CS&T Data Center Hosted Shared Services Policies & Work Rules

CONSUMER ELECTRONIC FUNDS TRANSFER AND DEBIT CARD AGREEMENT

FAYETTEVILLE STATE UNIVERSITY POLICY ON INFORMATION SECURITY

Welcome to AISB Created by IT Facilities Manager, Lylah Shelor and Updated on July 28, 2015

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

Transcription:

Department of Information Technology ISSUE DATE: 6/3/08 EFFECTIVE DATE: 9/1/08 Facilities TITLE: Physical Access Control for DoIT POLICY NUMBER: DOIT-773-3102-001-A REVISED DATE: NEXT REVIEW DATE: 9/1/09 AUTHORITY: Department of Information Technology Act HB959, Sections 6-E3, 6-H1 REFERENCES: A. Statewide Standard, Personnel Security S-STD-011, (OCIO) B. State Personnel Board Rule, 1 NMAC 7, 11 Discipline PURPOSE: Assure a secure environment for all services provided by DoIT; that will protect against unauthorized access, detect attempted access and activate an effective response. Overall physical security needs may be assessed with regard to hardware, software, and enterprise infrastructure which includes voice, data, and radio services within the Simms Building and other DoIT facilities. SCOPE: All DoIT employees, other State of New Mexico agency staff who have business functions related to equipment hosted at a DoIT Facility, all State of New Mexico employees assigned to work at a DoIT Facility, all visitors of a DoIT Facility, and all contractors that provide service for DoIT. DEFINITIONS: A. Access Control System: An automated system that manages access to secure locations and has the ability to track, record, and alarm. B. Access Control Badge: An identification badge that has programmable access to secure entrances. Policy DOIT-773-3102-001-A Page 1 of 5

C. Access Control Reader: An intelligent device that detects authorized personnel in and out of secure areas quickly by reading an Access Control Badge. The device is mounted in direct contact to an entrance or exit of a secured location. D. Building Access Control Request Form: An Access Control Request Form is used to request access to the Department of Information facilities and Data Centers. E. Authorized Sponsor: An authorized DoIT employee that escorts a visitor in the DoIT Facility in secured areas. F. Active Contract: A contract that has been awarded to a vendor to produce a service for DoIT and is still in effect and has not expired. G. Agency: A department, commission, board, or institution of the State of New Mexico. H. CIO: Chief Information Officer. I. Contractor: A person that is not a state payroll employee and has an active contract with the DoIT. J. Custodian: A GSD/BSD employee assigned to perform maintenance and janitorial services at a DoIT facility. K. Data Center: Simms Building facility that is used to house computer systems and associated components, such as telecommunications and storage systems. L. DoIT: Department of Information Technology. M. DoIT Facility: Simms Building, Tiwa Telecommunication Room, Education Telecommunication Room. N. Long Term: More than thirty days. O. Office of Security: DoIT Office of Security that is responsible for maintaining a secure business environment through policy development and enforcement. P. Secured Areas: Locations in the Simms Building that are restricted with Access Control Readers. Q. Security Control Station: Security Control Station located in the front of the Simms facility. Houses Access Control and Video monitoring equipment along with day to day Security operations. R. Tailgating: The practice of following a valid user through an open door without using an access control badge. Policy DOIT-773-3102-001-A Page 2 of 5

S. Temporary Access Control Badge: A badge that is worn by a DoIT employee who has either forgotten, lost, or misplaced their Access Control Badge. T. Visitor: A person that has business at a DoIT Facility and is not an employee or long term contractor. POLICY: The Office of Security shall develop, implement and maintain a coordinated statewide Security plan for DoIT in which the Access Control for DoIT Facilities is defined as follows: A. The Office of Security will be responsible for the Access Control System. B. An Access Control Badge will not be loaned or transferred. C. An Access Control Badge will not be duplicated or copied. D. All visitors must be escorted by the authorized sponsor or security staff at all times. E. Tailgating through any secured access will only be permitted in the event of an emergency. F. Access Control Badges will be worn in clear view and not hidden or obscured by clothing or attire. G. Any lost Access Control Badge must be reported within one hour (or as soon as discovered) to the Office of Security as well as to their immediate supervisor. H. All non DoIT personnel must sign in before entering into the Data Center and sign out when exiting. I. The Data Center must only be accessed for business related functions. J. An Access Control Badge will be issued to correspond with a DoIT employee s job duties K. Visitor, Contractor, Custodian, and Temporary badges will only be issued when picture identification is rendered. L. An employee that forgets or misplaces their Access Control Badge must render picture identification upon receipt of a Temporary Access Control Badge. M. A DoIT employee or agency employee that is issued an Access Control Badge and is terminating, transferring, or being reassigned to a new work area, must surrender their Access Control Badge to the Office of Security. Policy DOIT-773-3102-001-A Page 3 of 5

PROCEDURES: 1. All State of New Mexico employees and contractors that require long term access to a DoIT Facility will be required to fill out the Building Access Control Request Form. 2. Agency staff that require access to a DoIT Facility, an Access Control Badge will only be issued with the presentation of a completed Building Access Control Request Form, which has been approved by the agency CIO and Office of Security. Requesters will be notified by the Office of Security when the Access Control Badge is available. 3. Access Control Badges will be issued only to areas specific to job duties and responsibilities. 4. For DoIT staff that require access to a DoIT Facility, an Access Control Badge will only be issued with the presentation of a completed Building Access Control Request Form, which has been approved by their direct supervisor, Division Director and Office of Security. Requesters will be notified by the Office of Security when the Access Control Badge is available. 5. Contractors that require long term access to a DoIT Facility, an Access Control Badge will only be issued with the presentation of a completed Building Access Control Request Form, which has been approved by the Office of Security. Requesters will be notified by the Office of Security when the Access Control Badge is available. 6. A Temporary Access Control Badge can be granted for up to five (5) working days. If the Temporary Access Control Badge is lost and not found or recovered after five days, a one time badge replacement will be authorized at no cost to the employee. If the employee loses the Access Control Badge there after, that employee will be responsible for the replacement costs to be defined by the Office of Cost Recovery. 7. All Temporary Access Control Badges will be obtained and returned to the Security Control Station each day that the badge is required. 8. A Building Access Control Request Form must be re-submitted to replace a lost badge. 9. A DoIT employee or agency employee that is issued an Access Control Badge and is terminating, transferring, or being reassigned to a new work area is required to return their Access Control Badge to the Office of Security by the end of the last scheduled workday. Access to the new work areas will be issued when a new Building Access Control Request Form is completed and authorized by the Office of Security. Policy DOIT-773-3102-001-A Page 4 of 5

10. Building Access Control Request Forms will be kept on file up to one year. If no activity is shown within the one-year period, badge will be disabled. Then a new form will need to be completed to reestablish Access. 11. After hours access Monday through Friday (5:00 p.m. to 7:30 a.m.) and weekends for short-term contractors and visitors require the DoIT Sponsor to notify the Office of Security twenty-four (24) hours in advance. The DoIT Sponsor must be present for escort. However, in the event of an emergency or a major outage the DoIT sponsor can alert the Security Control Station. 12. After hours access Monday through Friday (5:00 p.m. to 7:30 a.m.) and weekends for temporary employees requires the employee s direct supervisor to notify the Office of Security twenty-four (24) hours in advance. If it is an emergency or due to an outage then the employee s direct supervisor must alert the Security Control Station. 13. EXCEPTIONS TO THIS RULE WILL BE MADE ON CASE BY CASE BASIS BY THE OFFICE OF SECURITY ONLY. FORMS: A. Building Access Control Request Form. B. Policy Acknowledgement Form MANAGEMENT: A. It is the responsibility of the agency s Human Resources (HR) Office to promptly notify the DoIT Office of Security of an employee s separation or termination of employment. The HR Office is responsible for assuring that the Access Control Badge is returned to the Office of Security. B. An Access Control Badge may be revoked immediately by the Office of Security when the use is not in the best interest of the State of New Mexico. C. Appropriate and timely notification will be made regarding change(s) in policy or procedures, as deemed appropriate by the Secretary of DoIT. D. Each reported infraction of this policy will be handled on its own merit and may be subject to disciplinary action in conjunction with the State Personnel Board Rule, 1 NMAC 7, 11 Discipline. E. The Office of Security will review this policy annually in accordance with the DoIT Security Plan. Policy DOIT-773-3102-001-A Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information