IT FACILITY STANDARD NO. 5 DATA CENTER & IT FACILITY ACCESS




Function Affected: IT Facilities including data centers and network rooms (BDFs and IDFs)
Issued Date: 06/01/15
Issue Superseded: 12/15/13
Number of Pages: 6

I. Background

The UCSF data centers and network rooms such as BDFs and IDFs are critical to the health care, academic and research missions as well as University business functions. Ensuring the physical security of these facilities is an important way of protecting these critical assets. The primary goal of this standard is to maximize facility security while at the same time enabling access to those who are authorized.

II. Card Key System

Access to the data center and some network rooms is restricted via the UCSF card key system (ProWatch). This campus-wide system is administrated by the UCSF Police Department and supported by UCSF Facilities Services. Card key activation and authorization for the Data Centers is managed by the IT Facilities group. Network room access is managed by the Network Operations group.

Access is granted based upon the following criteria:

1. Staff with work assignments inside the facility.
2. System administration staff requiring frequent access to the facility during or outside standard work hours to resolve system problems.
3. UCSF Police Officers
4. Facility Services Technicians supporting the facility
5. Members of the IT Departmental Emergency Operation Center responding to a declared emergency. This access is only available for the 654 Minnesota St. location and is limited to the Command Center portion of the facility.

Overall security is improved by limiting the number of individuals with facility access.

III. Card Key Holder Rules

Those granted card key access must abide by the following rules:

1. UCSF Photo identification badges must be worn above the waist and be clearly visible, at all times.
2. Card keys must not be loaned or used to allow access to any unauthorized person.
3. Access to all secure areas should be handled with the use of a card key. Card Key holders must not access areas for which they do not have approved authorization.
4. Equipment Log: Any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment make, model, description, serial number etc.). The log is to undergo regular review.
5. Card key holders must not touch equipment and supplies belonging to other departments. The IT Facilities group will provide access to tools or other equipment mounting supplies for use at one of the data centers.
6. Lost or stolen card keys must be reported to the card key holder's manager, IT Facilities at (415) 476-2643 and the UCSF Police Department.
7. Everyone requiring access to the data centers outside of regular business hours (0800 to 1700, M-F) must log in and out.
8. Food, drink or other fluids are not allowed in the IT facility equipment areas.
9. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network rooms.

10. IT facilities are only to be accessed to meet business requirements. Loitering will not be tolerated.

Any rule violation may result in a revoking of card key access.

IV. Authorized Entry Without a Card Key

A database of all individuals with data center access is maintained in the card key system. This database is the record for all access approval and the source of authorization for granting access to individuals who have forgotten or lost their card key. Any authorized individual granted access without a card key is required to log in and out and agree they will adhere to the Data Center and IT Facility Access Standard policy.

The following identification is required for all data center and IT facility visitors without card key access:

1. UCSF staff members: UCSF ID (Campus and Medical Center) along with government issued photo ID
2. Non-UCSF visitors: Associated vendor (company issued employee ID) along with government issued photo ID

V. Vendor and Visitor Access to Perform Work

Work performed by vendors and visitors must be documented in an approved change ticket in ServiceNow. The change ticket must include the following critical information:

GENERAL INFORMATION
1. Change Request #
2. Associated Vendor Ticket/Case #
3. Brief Description of Work to be Performed
4. Company Name Requesting Access (List Individuals' Names in Step #8 Below)
5. UCSF Sponsor Approving Visitor Access
6. UCSF Business Application Owner (if applicable)
7. UCSF Application Admin (if applicable)

INDIVIDUALS (UCSF IT & VISITOR) ASSIGNED TO THE WORK & REQUIRE ACCESS
8. List ALL names (UCSF IT & Visitor's) - list names, mobile, title & role of those that require access and scheduled to be in the Data Center or Network Closet during CHG or via remote access into system.
   Contact Name | Mobile # | Title & Assigned Role

DATE & TIME SCHEDULING
9. Scheduled Date & Time of Arrival for Visitor
10. Planned Date(s) for Visitor Access
11. Planned Hours for Visitor Access (Start/End Time)

VISITOR ONSITE OR REMOTE ACCESS - If Onsite, complete Steps #12-16 and continue to Step #19. If Remote, complete Steps #17-18 and continue to Step #19.
12. ONSITE: Who is Visitor Escort Into Data Center or Network Closet?
13. ONSITE: Will Visitor be supervised entire time? If yes, by who? If no, why?
14. ONSITE: If Visitor NOT supervised entire time, what Director approved unsupervised visit? And, explain why unsupervised.
15. ONSITE: Why can't Visitor perform work via remote VPN access?
16. ONSITE: Can Visitor perform work at computer adjacent to Data Center? If no, briefly explain.
17. REMOTE: If remote access, is there UCSF oversight throughout entire CHG, e.g., observing Visitor work via WebEx session? If yes, by who? If no, explain why.
18. REMOTE: If Visitor NOT supervised entire time, what Director approved unsupervised remote access? And, explain why unsupervised.

SERVER / SYSTEM CHANGE INFORMATION
19. Host name (LIST ALL HOSTS):
    IP:
    Cabinet:
    Rack Unit #:
20. Are server and/or systems backed up? If not, explain. Provide date of last successful backup. If virtual machine, snapshot required? (Snapshots are deleted 48-hours after capture time)
21. List any other applications on the server. If none, write none.
22. Proceed to (Visitor Step-by-Step CHG PROCEDURE section below)

VISITOR'S STEP-BY-STEP CHANGE INFORMATION - INCLUDE VALIDATION & CONTINGENCY PLAN/EXIT STRATEGY

CHG PROCEDURE | VISITOR STEP BY STEP PROCEDURE OR ATTACH VISITOR MOP | DURATION | START | FINISH | COMMENTS

1.
2.
3.
4.
5.

The change assignee or sponsor must meet the vendor or visitor to escort them and oversee their work. All vendors, regardless of access authorization status, must sign the log.

Vendors and visitors granted data center access must abide by the following rules:

1. UCSF issued ID must be worn at the waist or above, and clearly visible, at all times.
   i. Non-UCSF vendors: Present a company issued employee ID along with government issued photo ID (driver license, passport, etc.)
   ii. Non-UCSF visitors: Present a government issued photo ID
2. Access to all secure areas within the data center should be handled with the use of a card key. Vendors and visitors must not attempt to access card-key controlled areas without the appropriate escort.
3. Vendors and visitors must not touch equipment and supplies other than the equipment they are on-site to support that has been documented in the visitor access template and Change Request ticket. If necessary, IT Facilities will facilitate access to tools or other equipment mounting supplies.
4. Equipment Log: Any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment make, model, description, serial number etc.). The log is to undergo regular review.
5. Food, drink or other fluids are not allowed in the IT facility equipment areas.
6. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network facilities.
7. IT facilities are only to be accessed to meet business requirements. Loitering will not be tolerated.

VI. Other Visitors

1. All other visitors must sign the log and be escorted the entire time they are in the facility.

VII. Data Center Card Key Access Review

1. An Outlook calendar reminder is set for the Data Center Card Key Access Authorization Review to occur on the second Friday of the first month of each quarter.
2. The Senior IT Facilities Coordinator pulls the ProWatch authorized access report for the Data Center Card Key controlled doors.
3. The reports are sent to the IT Facilities Manager to review.
4. The IT Facilities Manager instructs the Senior IT Facilities Coordinator to deactivate access for any unauthorized individuals.
5. The IT Facilities Manager posts copies of the quarterly report to UCSF Box IT Facilities folder.