The Data Center is vitally important to the ongoing operations of the University. The following policies and procedures are necessary to ensure the security and reliability of systems residing in the Data Center.
1.1 Role Definitions
- Data Center Employee:
- Division of IT employees who work at the Data Center
- Authorized Staff:
- University employees who are authorized to gain access to the Data Center but who do not work at the Data Center
- Authorized Vendor:
- All non-University employees who, through contractual arrangement and appropriate approvals, have access to the Data Center
- All other personnel who may occasionally visit the Data Center but are not authorized to be in the Data Center without escort
2.1 Access to the Data Center
In order to ensure the systems housed within the data center are kept secure, the following policies apply to all personnel requiring access:
- All personnel who access the Data Center must have proper authorization. Individuals without proper authorization will be considered a visitor.
- Visitors to the Data Center must adhere to the visitors’ guidelines (see section 3.2).
- Authorizations will be verified on a quarterly basis.
- All personnel must wear a valid University or vendor identification badge at all times.
- All personnel must sign in when entering the Data Center to document the time and purpose of their visit. They also must sign out when leaving.
- All personnel must enter through the Data Center’s north entrance and must wear a University ID or visitor’s ID at all times.
- Authorized staff will have access to the Data Center at any time.
- Systems housed within the Data Center that contain data classified as Level III or above will be monitored by Data Center employees through live video cameras.
2.2 Equipment in the Data Center
In an effort to maximize security and minimize disruptions, the following policies apply to all equipment housed in the Data Center.
- A form must be completed for all equipment installations, removals, and changes.
- Data Center employees will deny entry to authorized staff or vendors who intend to install, remove, or rename equipment without an accurate equipment form.
- Equipment housed within the Data Center must meet certain system specifications.
3.1 Access Authorization
University staff members must be pre-approved for unescorted access within the Data Center. Vendor access must be sponsored by an authorized staff member, or a dean, director, or department chair.
Authorizations will only be approved for individuals who are responsible for installation and/or maintenance of equipment housed in the Data Center. Approval processes are as follows:
- Authorization forms must be signed by the dean, director, or department chair of the person requesting access.
- After approval, the Division of IT Data Center manager will review and approve.
- If approved, the authorized staff member or vendor will be added to the authorization database, and the authorization form will be kept on file.
- Authorized staff/vendors will be allowed entrance into the Data Center by a Data Center employee but will then have unescorted access within the Data Center.
- Authorized staff/vendors are responsible for logging in/out when entering/exiting the Data Center. The purpose of the visit must be documented.
3.2 Visitor Procedures
Anyone who is not a Data Center employee, an authorized staff member, or authorized vendor is considered a visitor. All visitors to the Data Center must adhere to the following procedures:
- All visitors must enter through the north entrance of the Data Center.
- Visitors must be accompanied by either a Data Center employee or other authorized staff member at all times while in the Data Center. Exceptions to this policy must have the approval of the Data Center manager.
- Visitors must log in/out when entering/exiting the Data Center. The purpose of the visit must be documented.
- Visitors must wear a visitor’s badge at all times.
- Visits should be scheduled through the Data Center manager 573.884.3400 at least 24 business hours in advance. Unscheduled visits to install equipment or perform other tasks may be turned away.
3.3 Audit Procedures
- The Division of IT Data Center will send a list of authorized staff and authorized vendors to the appropriate dean, director, or department chair on a quarterly basis (January, April, July, and October) for review and verification.
- Each dean/director/department chair will review and update the list of authorized staff/vendors and return it to the Data Center manager within two weeks.
- Failure to return access audits will result in revocation of access privileges for previously authorized staff/vendors until such time as the audit is returned.
3.4 Equipment Installation
Authorized staff performing the installation must submit an installation form.
3.5 Equipment Removal
Authorized staff performing the removal must submit a removal form.
3.6 Equipment Renaming
Authorized staff performing the rename must submit a rename form.