Network Operations Center Access

1.0 Overview

This policy is designed to outline the security requirements for the University datacenter and define the levels of access that are permitted based on job duty.

2.0 Purpose

Provide specific access guidelines and permissions to the datacenter based on need.

3.0 Scope

This policy impacts any individual who currently has access or has requested access to the datacenter.

4.0 Policy

The datacenter is to remain secured at all times.  At no time should a door be left ajar and un-tended.  Individuals requiring access to the datacenter must request this access via the Directors of IT Operations or the CIO.  Access will be granted for those who can demonstrate a need to access the datacenter due to their job duties.

Those authorized to enter the datacenter will be issued a swipe card.  This card will unlock the datacenter door(s) based on the rules set forth in this document.

Guests may access the datacenter while accompanied by an authorized user.  This authorized user is thus responsible for any actions of the guest, and may not at any time leave the guest in the datacenter unsupervised without prior approval of the Directors of IT Operations.

Datacenter users will be placed into one of these categories with the resulting level of access:

  • Campus Safety and Security
    • This group includes all members of the Campus Safety and Security staff.
  • Full-Access Staff Members
    • This group is comprised of all OIT staff members that are directly responsible for one or more systems housed within the datacenter, participate in the on-call schedule and the CIO.  Access to the datacenter is granted to these individuals at any time.
  • Student employees
    • This group is comprised of student employees who need to access the datacenter during the normal course of their duties.  Access will be granted during each student’s normal working hours – business hours only.
  • Temporary/Vendors
    • This group consists of a small number of cards that may be loaned out to vendors or other individuals who require temporary access to the datacenter.  Cards may be requested from the Technical Director of IT Operations.  The requestor will assume responsibility for all actions of the recipient, and are additionally responsible to ensure that the card is returned or deactivated immediately when the need for access is no longer present.

Those having access to the datacenter also have the responsibility to report suspected unauthorized access to the CIO (or the Directors of IT Operations in the CIO’s absence).  The CIO will initiate an investigation into all reports of unauthorized access.

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including dismissal.  Individuals who gain access to the datacenter by means other than those outlined in this document will be considered trespassing and will be referred to Human Resources or the Dean of Students as appropriate.

6.0 Definitions

NOC – Network Operations Center – Room 222 ERC

Guest – Anyone not considered an authorized staff member

7.0 Revision History

Draft Policy v0.1 – 25 January 2005 – bhuntley

Draft Policy v0.2 – 14 March 2005 – bhuntley

Draft Policy v0.3 – 02 August 2005 – jfiske

Draft Policy v0.3 – 11 September 2007 – jfiske

Draft Policy v0.4 – 21 September 2007 – jfiske, bhuntley