MARULENG LOCAL MUNICIPALITY



Similar documents
REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY

Georgia Tech Aerospace Server French building Server Room. Server Room Policy Handbook: Scope, Processes and Procedure

hong kong//china data center specifications tel: fax: internet + intellectual property + intelligence

ISO IEC ( ) INFORMATION SECURITY AUDIT TOOL

Understanding Sage CRM Cloud

DataCentre Access Policies & Procedures

Louisiana State University Information Technology Services (ITS) Frey Computing Services Center Data Center Policy

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

CS&T Data Center Hosted Shared Services Policies & Work Rules

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Data Center Access Policies and Procedures

DATA CENTRES UNDERSTANDING THE ISSUES TECHNICAL ARTICLE

Customer Guide to the DATAONE Datacenter

ULH-IM&T-ISP06. Information Governance Board

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose...

melbourne//australia data center specifications internet + intellectual property + intelligence tel: fax:

Rules of Conduct and Safety

School of Engineering University of Glasgow

Fire Risk Assessment Safety Checklist

TENDER FOR TECHNICAL BUILDING MAINTENANCE SERVICES TERMS OF REFERENCE. April 2013 OVERALL PURPOSE

Overview of Fire Alarm Systems and Maintenance

Health & Safety Policy For Locations Hosting Film Production Companies

Physical Security Policy

Customer Manual. for colocation customers of M247 Ltd. v Classification: A (Public)

NeuStar Ultra Services Physical Security Overview

Austin Independent School District Police Department Policy and Procedure Manual

singapore//singapore data center specifications tel: fax: internet + intellectual property + intelligence

TECHNOLOGY RESEARCH AND DEVELOPMENT More Than Alarm Anna Kołodziej-Saramak

PLAN REVIEW GUIDE FOR FIRE ALARM

Colocation Center Policies & Procedures

EXHIBIT A SCOPE OF WORK

STONEBRIDGE COMMUNITY FUNDAY

HealthcareBookings.com Security Set Up

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Guidelines for. the employment EXTERNAL COMPANIES

CalMod Design-Build Electrification Services

Fire Safety Log Book

Standard Comms Rooms Specification

Restaurant & café guide

Standard: Data Center Security

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

FIRE SAFETY SELF-INSPECTION FORM FOR CULTURAL INSTITUTIONS

Fire Safety Risk Assessment Checklist for Residential Care Premises

WASTE Application Form - Dublin Waste to Energy SECTION J ACCIDENT PREVENTION & EMERGENCY RESPONSE

CITY OF PHILADELPHIA DEPARTMENT OF LICENSES AND INSPECTIONS ANNUAL CERTIFICATION FOR FIRE ALARM SYSTEMS

INFORMATION TECHNOLOGY SECURITY STANDARDS

Safety and Health Office WORKPLACE SAFETY CHECKLIST

ANNEXURE 07: CHECK-LIST FOR OFF-SITE STORAGE FACILITIES

Zone B: comprises of NOC room, reception area, Help Desk area, Call Centre, Testing/Monitoring room. This zone requires approximately 1500 sq. feet.

Data Centre Services. JT Rue Des Pres Data Centre Facility Product Description

CBD-233. Fire Alarm and Detection Systems

Australian Government Data Centre Strategy

UBC Technical Guidelines Section Edition Secure Access: General Standards Page 1 of 7

Mike Casey Director of IT

FIRE SAFETY SELF-INSPECTION FORM FOR CULTURAL INSTITUTIONS. 1. All Floors (inspect from top floor to basement): Yes No

FLA S FIRE SAFETY INITIATIVE

BUILDING OWNERS - SERVICE RELATED ISSUES FOR FIRE ALARM SYSTEMS

Fire Safety Risk Assessment

FIRE ALARM SYSTEM SUBMITTAL CHECKLIST AND APPLICATION

Rotherham CCG Network Security Policy V2.0

APPLICATION FOR PHARMACY PROFESSIONAL LIABILITY INSURANCE

CATERING CONTRACTORS General Code of Safety Practice

REQUEST FOR PROPOSAL FOR: Fire and Security Alarm Service and Monitoring

USER S MANUAL. MaxPower UPS. Uninterruptible Power System 28-2MAXPO0018

Data Center Presentation

Core & Shell Construction. Rules and Regulations

Bold items are particular to the City of Euless

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

Maintaining Fire Protection Systems

Data Center Overview Document

SECURITY VULNERABILITY CHECKLIST FOR ACADEMIC AND SMALL CHEMICAL LABORATORY FACILITIES

Standard Message Library

Document Details. 247Time Backup & Disaster Recovery Plan. Author: Document Tracking. Page 1 of 12

Security Control Standard

Security Systems Surveillance Policy

About Injazat. Enterprise Cloud Services. Premier Data Center. IT Outsourcing. Learning and Development Services. Enterprise Application Services

General Safety & Health Standards Published by the Division of Building Safety In Cooperation with the Idaho Industrial Commission

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Liebert GXT MT+ CX UPS, 1000VA VA Intelligent, Reliable UPS Protection. AC Power for Business-Critical Continuity

Our data centres have been awarded with ISO 27001:2005 standard for security management and ISO 9001:2008 standard for business quality management.

Policy Document. IT Infrastructure Security Policy

JAWAHARLAL NEHRU UNIVERSITY

FACILITY FIRE PREVENTION AND EMERGENCY PREPAREDNESS INSPECTION CHECKLIST

CONFINED SPACE POLICY

SECURITY SYSTEM NOTES. EMERGENCY ACTIVATION KEYS (check if enabled) PROGRAMMED FUNCTIONS

Colocation Service Definition. SD008 v1.3 Issue Date 19 Feb 09

Data Centre Services. JT First Tower Lane Data Centre Facility Product Description

Server Monitoring & Management Services

Transcription:

MARULENG LOCAL MUNICIPALITY Data Centre Physical Access and Environmental Control Policy Draft: Data Centre Access Control and Environmental Policy Page 1

Version Control Version Date Author(s) Details 1.1 23/03/2012 Modiba Masilo New Policy Draft: Data Centre Access Control and Environmental Policy Page 2

Contents 1. Introduction... 5 2. Definitions... 5 3. Purpose... 6 4. Scope... 6 5. Security... 6 5.1 Background... 6 5.2 Entry Systems and Access Control... 6 5.3 Contractor Access after hours... 7 5.4 Close circuit television... 7 6. Safety... 8 6.1 Overview... 8 6.2 Signs and information... 8 6.3 Health and Safety Considerations... 8 6.4 Emergency Exits and Fire Alarm Procedures... 9 6.5 Fire Detection and Fire Extinguishers... 9 6.6 Electrical Safety... 9 7. Data Centre Use... 9 7.1 Hours of Operation... 9 7.2 Equipment Delivery... 10 7.3 Control of Equipment and Spares... 10 7.4 Prohibited Items... 10 7.5 Cables and Wiring... 11 8. Environment... 11 8.1 Air Conditioning... 11 8.2 CO2 Fire Extinguisher... 11 8.3 Power and lighting Provisioning... 11 8.4 UPS Provisioning... 12 8.5 Temperature and Humidity... 12 8.6 Environment Monitoring... 12 8.7 Dust Prevention... 13 8.8. Waste Disposal and Cleaning... 13 9. Change and Configuration Management... 13 9. Consequences of Non-Compliance... 13 Draft: Data Centre Access Control and Environmental Policy Page 3

10. Policy Review... 14 11. Implementation... 14 Draft: Data Centre Access Control and Environmental Policy Page 4

1. Introduction Data Centres are found in almost all organisations ICT infrastructure. These data centres host the server environment and electronic data. Due to the sensitivity nature of these data centres, a policy is imperative to guide the Department on the proper mechanisms to manage this room as well to protect information. 2. Definitions Access Control: Mechanisms and policies that restrict access to resources. AC: Alternating Current - an electrical current that frequently reverses direction. Biometrics: Process by which a person's unique physical and other traits are detected and recorded by an electronic device or system as a means of confirming identity. CCTV: Closed Circuit Television is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. Data Centre: facility used to house computer systems and associated components, such as telecommunications and storage systems. It generally includes redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices. Fire Extinguishers: an active fire protection device used to extinguish or control small fires, often in emergency situations. Raised floor: Types of floor that provide an elevated structural floor above a solid substrate (often a concrete slab) to create a hidden void for the passage of mechanical and electrical services. Tailgating: Entering an area without authorisation verification by following someone who has access. UPS: an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails Draft: Data Centre Access Control and Environmental Policy Page 5

3. Purpose The purpose of this document is to define the policies and procedures relating to access control, environmental control, and operations of Maruleng Local municipality Data Centre. 4. Scope The scope of the policy will cover, but is not limited to the following areas: 4.1 Security 4.2 Safety measures and procedures 4.3 Emergency measures and procedures 4.4 Access control procedures 4.5 Change and configuration management 4.6 Environmental control, reporting and maintenance 4.7 Monitoring facilities. 5. Security 5.1 Background 5.1.1 The vulnerability of business critical information systems and the data they contain within the Data Centre make the site a high value asset, which requires a high degree of protection. 5.1.2 A range of security measures are therefore in place to protect employees, information and physical assets, along with the reputation of Maruleng Local municipality and interested third parties with equipment in the Data Centre. 5.2 Entry Systems and Access Control 5.2.1 Access shall be controlled via Biometrics fingerprint system and all doors shall be fitted with sensors to detect unauthorised or prolonged opening. Draft: Data Centre Access Control and Environmental Policy Page 6

5.2.2 Staff and visitors shall not adjust or otherwise tamper with door fittings. Any suspected faults with doors, lights or any security equipment should be reported to Security Services and/or IT Manager immediately. 5.2.3 Any person requiring access to the Data Centre shall sign the log book upon arrival. 5.2.4 Only authorised IT and Security Services personnel shall have access to the Data Centre via the biometrics system. Any other personnel including full time employees, contractors and vendors will be escorted by authorised IT and/or Security personnel during office hours. 5.2.5 Tailgating into restricted areas is prohibited. Care shall therefore be taken by all authorised staff to prevent this. During deliveries, authorised staff shall supervise such work at all times. 5.3 Contractor Access after hours 5.3.1 Security Services shall be responsible for access control and security of the Data Centre outside normal working hours. 5.3.2 In case where contractors require access to Data Centre after hours, Security Services shall be responsible to provide such access and protection. 5.3.3 The IT Manager will authorise the use and changes to be made in the Data Centre. 5.4 Close circuit television 5.4.1 Internal, entry and exits area of the Data Centre shall be monitored by a closed circuit television (CCTV) to capture all Data Centre activities. 5.4.2 CCTV shall be integrated and monitored by Security Services. Draft: Data Centre Access Control and Environmental Policy Page 7

6. Safety 6.1 Overview In addition to the safety precautions outlined herein, the Data Centre safety precautions shall be applied in conjunction with Maruleng Local municipality Occupational Health and Safety policy. 6.2 Signs and information 6.2.1 Safety signs and information shall be posted at access points to the Data Centre. 6.2.2 General notices shall also be posted around the Data Centre; providing detailed information on first aid, emergency contacts and general Health and Safety issues 6.3 Health and Safety Considerations 6.3.1 No one should attempt to lift heavy equipment without suitable help. 6.3.2 No one should attempt to lift equipment in and out of racks unaided, particularly where height makes the task more dangerous. 6.3.3 Noise levels shall be checked at every half-year to ensure a safe working environment. 6.3.4 Ear defenders shall be made available and be worn if working in the Data Centre for periods longer than 30 minutes. 6.3.5 Anyone working in the Data Centre for prolonged periods should let staff know of their presence. Users are advised to take regular breaks from working to avoid adverse effects from temperature and noise levels in particular. 6.3.6 Flexible safety barriers shall be available and be used to lift up raised floor tiles. Draft: Data Centre Access Control and Environmental Policy Page 8

6.4 Emergency Exits and Fire Alarm Procedures 6.4.1 When fire alarm is triggered at the Data Centre, normal emergency procedures shall be followed as stipulated by Maruleng Local municipality emergency evacuation procedures. Only emergency exit shall be used. 6.5 Fire Detection and Fire Extinguishers 6.5.1 Fire and smoke detection system shall be fitted and linked to audible and virtual alarms. 6.5.2 If an alarm is activated the Data Centre shall be evacuated immediately to avoid gas inhalation and the incident shall be reported to Security Services and or IT Manager. 6.6 Electrical Safety 6.6.1 Only qualified electrical technicians shall have access to electrical systems, IT staff and other personnel should contact the relevant electrical personnel when encountering electricity problems. 6.6.2 Request shall be authorised by the IT Manager. 7. Data Centre Use 7.1 Hours of Operation 7.1.1 The Data Centre will be operated during office hours to authorised personnel between 7:00 am to 16:00 pm. Draft: Data Centre Access Control and Environmental Policy Page 9

7.1.2 Access afterhours for maintenance purposes will be authorised and delegated by the IT Manager. 7.2 Equipment Delivery Delivery of equipment shall be supervised by authorised personnel upon approval by the IT manager. 7.3 Control of Equipment and Spares 7.3.1 No unused equipment and spares shall be left at the Data Centre. 7.3.2 Alternate storage facility shall be available for such purpose. 7.4 Prohibited Items The following items are prohibited from the Data Centre: 7.4.1.1 Combustible materials such as paper and cardboard (except reference manuals as needed); 7.4.1.2 Food and drink; 7.4.1.3 Tobacco products; 7.4.1.4 Explosives and weapons; 7.4.1.5 Hazardous materials; 7.4.1.6 Alcohol, illegal drugs and other intoxicants; 7.4.1.7 Electro-magnetic devices that could cause interference with computer and telecom equipment; 7.4.1.8 Radioactive materials; and 7.4.1.9 Photographic or recording equipment (other than backup media). Draft: Data Centre Access Control and Environmental Policy Page 10

7.5 Cables and Wiring 7.5.1 Cables and wires shall be structured and labelled when running under the raised floor, wall, and equipment racks. 8. Environment 8.1 Air Conditioning 8.1.1 Under floor air conditioning shall be provided in the Data Centre. It shall deliver enough cooling per rack in accordance with design specification. 8.1.2 Service shall be done at least three times a year by a reputable maintenance service provider for Airdale equipment. Certificate for maintenance performed shall be submitted to the Department. 8.2 CO2 Fire Extinguisher 8.2.1 Class E gas fire extinguisher shall be implemented to prevent damage to Data Centre electrical facilities. 8.2.2 Service shall be done at least annually by a reputable maintenance service provider for C02 gas shall be done. Certificate for maintenance performed shall be submitted to the Department. 8.3 Power and lighting Provisioning 8.3.1 Two single phase power sockets shall be available in each rack and shall be fed directly from the main switch. Draft: Data Centre Access Control and Environmental Policy Page 11

8.3.2. Adequate power light shall be available to ensure that all equipments in the Data Centre are clearly visible. 8.3.3 Lights shall be switched off when no access to the Data Centre is required. 8.4 UPS Provisioning 8.4.1 All major equipment at the Data Centre shall be powered on by a UPS system, should the AC power goes down. The UPS system should sustain power to those devices for at least 5 minutes to allow graceful shutdown. 8.4.2 Service shall be done at least annually by a reputable maintenance service provider for APC Galaxy equipment. Certificate for maintenance performed shall be submitted to the Department. 8.5 Temperature and Humidity Temperature and Humidity monitoring devices shall be implemented and set to monitor deviations against baseline set according to standard recommended by IT SECTION. 8.6 Environment Monitoring 8.6.1 A number of monitors shall be put in place to report on issues affecting the Data Centre environment. Monitoring system shall report to designated IT and Security personnel 8.6.2 Monitoring shall include: 8.6.2.1 Temperature and Humidity alarms; 8.6.2.2 Fire and Smoke Detectors; 8.6.2.3 UPS malfunctioning or discharge during normal AC power operation; and 8.6.2.4 Daily monitoring. Draft: Data Centre Access Control and Environmental Policy Page 12

8.7 Service shall be done biannually by a reputable maintenance service provider for EnviroCabinets equipment. Certificate for maintenance performed shall be submitted to the Department. 8.7 Dust Prevention 8.7.1 The Data Centre shall be well ventilated to prevent dust from affecting equipments. 8.7.2 Equipment to be installed in the Data Centre shall be dust freed outside before introduced in the Data Centre. 8.8. Waste Disposal and Cleaning 8.8.1 Cardboard and other items that can generate dust and that are easily combustible should remain outside the Data Centre. 8.8.2 Waste bin shall be available outside the Data Centre main entrance for easy disposal of other items of waste. 9. Change and Configuration Management 9.1 The IT Manager is responsible for all changes that shall take place at the Data Centre 9.2 All changes to be made shall be requested to and authorised by the IT Manager. 9.3 The Manager will monitor and review the Data Centre access log book on a regular basis. 9. Consequences of Non-Compliance Non-compliance of this policy may lead to disciplinary actions, legal liability as well as dismissal. Draft: Data Centre Access Control and Environmental Policy Page 13

10. Policy Review This policy shall be reviewed annually. 11. Implementation This policy comes into effect from the date of approval. Draft: Data Centre Access Control and Environmental Policy Page 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information