Policy & Procedure: University of Minnesota Duluth
The ITSS Data Center is vitally important to the ongoing operations of the University of Minnesota Duluth. The following policies and procedures are necessary to ensure the security and reliability of systems residing in the Data Center.
1.1 Role Definitions
Authorized Staff: University employees (ITSS and other departments) who are authorized to gain access to the Data Center via an individual Access Key Card and security code.
Visitors: All other personnel who may occasionally visit the Data Center but who do not have individual access and are not authorized to be in the Data Center without escort.
2.1 Access to the Data Center
In order to ensure the systems housed within the data center are kept secure, the following policies apply to all personnel requiring access:
- All personnel who access the Data Center must have proper authorization.
- Authorized Staff: Authorization is provided by ITSS Management.
- Visitors: Authorization is provided by Authorized Staff and/or ITSS Management.
- All personnel in the Data Center must wear proper identification at all times.
- Authorized Staff: must wear a valid University security or identification badge.
- Visitors: must wear a Visitors badge.
3.1 Access Authorization
Authorized Staff must be approved by ITSS Management for unescorted access within the Data Center. Authorizations will only be approved for individuals who are responsible for installation and/or maintenance of equipment housed in the Data Center, or for safety and security access.
Approval processes are as follows:
- Authorization access is determined by ITSS Management.
- If approved, the Authorized Staff member will be added to the authorization database and will receive an Access Key Card and security alarm code.
- Authorized Staff may enter from either the KPlz 361 or the KPlz 381 (set up room ) entrance.
3.2 Visitor Procedures
Visitor access must be sponsored by an Authorized Staff and/or ITSS Management. Visitors must adhere to the following procedures:
- All Visitors must enter through the KPlz 381 (set up room) entrance.
- Visitors must be accompanied by an Authorized Staff member at all times while in the Data Center. Exceptions to this policy must have the approval of an ITSS Manager.
- Visitors must log in/out when entering/exiting the Data Center. The purpose of the visit must be documented.
- Visitors must wear a Visitors badge at all times.
- Visits should be scheduled at least 24 business hours in advance. Unscheduled visits to install equipment or perform other tasks may be turned away.
3.3 Audit Procedures
- ITSS Management will review the access list for Authorized Staff quarterly.
- All entrances and exits to the Data Center are automatically logged by Access Key Card; the electronic access log is reviewed weekly by ITSS Managers.
The Visitor Sign In/Out Log is reviewed quarterly by ITSS Managers.