This will be my last series on Data Center Security Policies and Procedures, I will be covering the Exception Reporting and Requesting Access to the Data Center
- 1. Exception Reporting
All infractions of the Data Center Physical Security Policies and Procedures shall been reported to the ITKE*. If warranted (e.g., emergency, imminent danger, etc.).
When an unauthorized individual is found in the DataCenterit must be reported immediately to the responsible ITKE* member. If this occurs during the evening hours, IT call center or ITKE* senior staff should be contacted. The unauthorized individual should be escorted from theDataCenter and a full written report should be immediately submitted to ITKE*.
- 2. Requesting Access to the Data Center
Departments / Projects that have computer equipment in the DataCentermay request access to the DataCenter. The individuals designated by the requesting department/project will be granted access once ITKE* authorized them. To initiate authorization for access, the manager of the department/project requesting access should direct a request to the ITKE* . Upon approval by the Head of ITKE*, the person will fill the “Datacenter Access Request Form” and be provided with a copy of the ITKE* Data Center Access Policies and Procedures document. A person’s department must notify the ITKE* as soon as possible so that the person’s access to the Data Center can be removed. This is extremely important in cases where the employee was terminated for cause. ITKE* – reserves the right not to allow entrance to the Data Centre if the Data Centre already has too many companies performing works.
- It is the responsibility of the ITKE*, End-user Departments, contractors/ vendors/representative to ensure implementation of this IPP.
- Respective department heads are responsible for ensuring adherence to the provisions of this IPP.
- Audit and Follow-Up Administration will monitor compliance to the provisions stipulated herein.
I hope the policies covered in these series of article will help you out to draft an effective Data Center policy.
*ITKE is used just as reference which can be replaced by your organization or department name