1)      ITKE* employees

2)      Contractors /Outsourced companies

3)      Visitor Engineers Access (Vendors)

1 ITKE* staff Access

It is given to people who have free access authority into the Data Center. ITKE* staff Access is granted to the ITKE* staff whose job responsibilities require that they have access to the area. These individuals also have the authority to grant temporary access to the Data Center and to enable others to enter and leave the Data Center. People with ITKE* staff Access are responsible for the security of the area, and for any individuals that they allow into the Data Center they MUST listed on Authorized Access List.  Individuals with ITKE* staff Access to the area may allow properly authorized and logged individuals (sign in and out) for contractors and visitor engineers when they Access to the Data Center.

2 Contractors/ Outsourced companies Access

It is closely monitored access given to people who have a business need for infrequent access to the Data Center. “Infrequent access” is generally defined as access required for pried of time (depend on the contract). A person given Contractors Access to the area MUST sign in and out under the direct supervision of a person with Controlling Access. A person with Contractors Access to the area MUST NOT allow any other person to enter or leave the area until have permission from ITKE* staff Access. Only those Representatives identified in writing by the Customer on the ITKE* Data Centre Access Authorization List Form may make request to enter the Data Centre. Each Customer MUST ensure that the Representatives and the accompanying persons do NOT take any actions that Customer is prohibited from taking under this Policy.

3 Visitor Engineers Access (Vendors)

It is granted to a person from vendors who have to do insulation or some work in the data center. A person given visitor engineers access to the area MUST sign in and out and submit report under the direct supervision of a person with Controlling Access. A person with visitor engineer’s access to the area MUST NOT allow any other person to enter or leave the area. Maximum of 3 persons, of whom at least one MUST be a Representative, may enter the Data Centre at the same time. For security reasons, all visitors (Representatives and accompanying persons) will be requested to show his/her STAFF ID or Passport for verification. He/she will be refused to enter the Data Centre if the required credentials CANNOT be shown.

In upcoming post let’s continue our journey with the policy and procedures related to Data Center access.

In this particular part of my article I will try to focus on the Data Center physical security policy and procedures.

1. Overview

Security for the Data Center is the responsibility of all departments that are sharing the data center space. ITKE* is responsible for the administration of this policy. The following are the general requirements and policies to access to this sensitive area. Failure to follow the guidelines set forth in this document is grounds for termination of agreements and potential legal action.

Customer MUST NOT, except as otherwise agreed by ITKE*,

1. 1. Place any computer hardware or other equipment in the Licensed Area
   2. Store any other combustible materials of any kind in the Licensed Area; and
   3. Bring any “Prohibited Materials” (as defined below) into the Data Centre. Prohibited Materials shall include, but NOTlimited to, the following and any similar items:
      1. 1. Food, drink, illegal drugs and other intoxicants
         2. Tobacco products
         3. Explosives and weapons
         4. Hazardous materials
         5. Electro-magnetic devices, which could unreasonably interfere with computer and telecommunications equipment
         6. Radioactive materials
         7. Photographic or recording equipment of any kind
         8. Any other items deemed inappropriate at ITKE*’s sole discretion.

2. Primary Guidelines

The “Data Center” is a restricted area requiring a much greater level of control than normal spaces. Only those individuals who are authorized to do so by the ITKE* may enter this area.  Access privileges will only be granted to individuals who have business need to be in the data center.

All departmental staff sharing the Data Center will familiarize themselves thoroughly with this document. Any questions regarding policies and procedures should be addressed to ITKE*.

The only exception allowed to the Data Center Security Policies and Practices is temporary suspension of these rules if it becomes necessary to provide emergency access.

In upcoming article I will try to focus on levels of access can be provided to the Data Centers.

*ITKE is used just as reference which can be replaced by your organization or department name.