|Category||Information & Communications Technology|
|Approved by||Director Information Technology Services|
|Date Guideline Took Effect||20 October 2011|
|Last Approved Revision|
|Sponsor||Infrastructure and Applications Manager|
|Responsible Officer||Operations Services Manager|
|Review Date||1 October 2013|
The purpose of these Guidelines is to ensure that access to ITS’s data centres is restricted to ensure safety and integrity of University data and the equipment which is stored in the data centres.
These guidelines apply to all parties who wish to access the data centres.
Access Control Specifications - A procedure by which access to the data centre is both controlled and monitored.
Data Centres - A data centre refers to a secure facility which houses computer systems and associated computer hardware, such as telecommunications and data storage systems. The data centres include redundant and backup power supplies, redundant data communications connections, environmental controls (e.g. air conditioning and fire suppression) and security devices. The data centres are designed to ensure that the servers and the data retained on them are protected from environmental hazards and security breaches.
An Emergency - An emergency is an event that significantly impacts on the operation of the University or part thereof.
Access to data centres will be granted to the following groups and Access Control Specifications.
(a) Group A:
(i) Specified positions within ITS whose role stipulates that they are responsible for operating and / or maintaining the data centre and / or its equipment.
(ii) This group will be listed in Appendix A. This list will be maintained by the Manager, Operations Services.
(iii) Access Control Specifications for Group A
Work requiring access to the data centres should wherever practical be scheduled between 8:30am and 5:00pm Monday – Friday. Exceptions to this requirement must either be approved by Manager, Operations Services (or delegate), in writing or be treated as Urgent Access as per Clause 3.
(b) Group B:
(i) People who require access to the data centres to maintain or service specific equipment in the data centre. This group will be listed in Appendix A. For example (but not limited to): systems administrators from other University departments, vendor engineers.
(ii) Access Control Specifications for Group B
Access to data centres is permitted while accompanied by a member of Group A (i.e., as long as someone from Group A is present for the duration of the visit).
(iii) Access will normally be limited to between 8:30am and 5:00pm Monday – Friday.
(iv) This list will be maintained by the Manager, Operations Services.
(c) Group C:
(i) People who are interested in the data centres may request a guided tour.
(ii) Access Control Specifications for Group C
Access will require prior approval by Manager, Operations Services on a case-by-case basis. Access is granted only when visits will not compromise efficient operations of the data centre.
2. After Hours Access
Any planned access (outside normal hours) must be pre-approved by the Manager, Operations Services (or delegate) in writing.
3. Urgent Access
Where access is required in an Emergency:
(a) Group A members may access the data centre in an emergency.
(b) Group B members may access the data centre in an emergency without:
(i) Escort by a Group A member or
(ii) Prior written approval by the Manager Operations Services.
(iii) In an emergency Group B members will gain access by contacting Campus Watch who will provide access and stay for the duration, then ensure the data centre is secured after the event.
(iv) Any urgent access will be considered a significant event. An incident report will be completed and copied to the Director, ITS and Manager, Infrastructure and Applications.
4. General Rules for Access
Anyone permitted access to the data centres will adhere to Procedure and Guidelines for Safely Performing Work in an Active Data Centre (including cleanliness). These procedures are attached as Appendix B. These procedures may be updated periodically by the Manager, Operations Services.
Related Policies, Procedures and Forms
- Server Registration Policy
- Software Licence Compliance Policy
- Internet Domain Names Procedure
- Server Administration Procedure
- Software Security Updates (Patching) Procedure
- University Network Interconnection Procedure
Procedures and Guidelines for Safely Performing Work in an Active Data Centre (See Appendix B)
Operations Requirements for Installing/Removing and Modification of Equipment (See Appendix B)