Posted by: Yasir Irfan
Authorized Access List, computer hardware, Data Center, Data Center access, Data Center Physical security policy, Data Center Security Policies and Practices, Electro-magnetic devices, outsourced, Radioactive materials, Routers, SANs, security solutions, Servers farms, staff access contractors access, Switches, vendors
In my previous article we came across the Data Center physical security policy and procedures and now let’s see the more about the access provided to Data Centers, basically there are three “Levels of Access” to the Data Center.
1) ITKE* employees
2) Contractors /Outsourced companies
3) Visitor Engineers Access (Vendors)
1 ITKE* staff Access
It is given to people who have free access authority into the Data Center. ITKE* staff Access is granted to the ITKE* staff whose job responsibilities require that they have access to the area. These individuals also have the authority to grant temporary access to the Data Center and to enable others to enter and leave the Data Center. People with ITKE* staff Access are responsible for the security of the area, and for any individuals that they allow into the Data Center they MUST listed on Authorized Access List. Individuals with ITKE* staff Access to the area may allow properly authorized and logged individuals (sign in and out) for contractors and visitor engineers when they Access to the Data Center.
2 Contractors/ Outsourced companies Access
It is closely monitored access given to people who have a business need for infrequent access to the Data Center. “Infrequent access” is generally defined as access required for pried of time (depend on the contract). A person given Contractors Access to the area MUST sign in and out under the direct supervision of a person with Controlling Access. A person with Contractors Access to the area MUST NOT allow any other person to enter or leave the area until have permission from ITKE* staff Access. Only those Representatives identified in writing by the Customer on the ITKE* Data Centre Access Authorization List Form may make request to enter the Data Centre. Each Customer MUST ensure that the Representatives and the accompanying persons do NOT take any actions that Customer is prohibited from taking under this Policy.
3 Visitor Engineers Access (Vendors)
It is granted to a person from vendors who have to do insulation or some work in the data center. A person given visitor engineers access to the area MUST sign in and out and submit report under the direct supervision of a person with Controlling Access. A person with visitor engineer’s access to the area MUST NOT allow any other person to enter or leave the area. Maximum of 3 persons, of whom at least one MUST be a Representative, may enter the Data Centre at the same time. For security reasons, all visitors (Representatives and accompanying persons) will be requested to show his/her STAFF ID or Passport for verification. He/she will be refused to enter the Data Centre if the required credentials CANNOT be shown.
In upcoming post let’s continue our journey with the policy and procedures related to Data Center access.