Data Center Access

  Document Title

CCIT Data Center Access Policy

Executive Summary

This Information Security Policy describes the safeguards implemented for the practices and procedures for providing controlled physical access to the Data Center machine rooms located both at ITC and Poole and Agricultural buildings on campus. These standards of practice are established to:

  • Identify those who will have unrestricted access to facilities
  • Identify those who will have limited access that is reviewed on a re-occurring annual
    basis.
  • Provide a means of granting access to persons who “need” access.

This Information Security Program also identifies mechanisms to:

  • Receive/grant access to the facility by those not identified prior
  • Control flow of traffic into and out of facility
  • Provide means of check in/out of users/visitors to the facility
  • Inform authorized users of acceptable use within the facility

Purpose

The purpose of this policy is to ensure the preservation of Clemson University‟s central Information Technology and Computing services, the security of equipment, personnel and the protection of sensitive data. This policy is provided for regulating access to CCIT‟s Information Technology Center and Poole Agriculture Building Data Centers. It is imperative the operational access control be administered to secure these locations.

Policy

Unrestricted access to the Data Centers will be limited to only those personnel working within the spaces, responsible for the environments or charged with the administration of equipment stored therein. Exceptions to this level of access will only be granted to those personnel with a “need” for unrestricted access.

  • All requests must provide an appropriate justification for access.
  • Admittance into Data Centers shall only be authorized through a written request by the individual‟s Director to the ISO Director of Data Center Facilities. Please refer to General
    Guidelines for process.
  • Exception access to the Data Centers will expire after 12 months. If access continues to be required after this period, the individual must resubmit an access request.

Communications (who needs to know, who does it affect or apply to)

This policy applies to all University staff, faculty, administrators, officers and students (collectively, “users”), including those in partnership with Clemson University through
affiliations, recognized vendors and/or those operating under contractual obligations seeking continual/annual/visitor access to the Data Center machine room located at ITC or Poole and Agricultural buildings.

General Guidelines (broad and inclusive)

Application Process: Individuals requesting access must complete a CCIT Data Center Access Request Form. This form is available for download at https://twiki.clemson.edu/twiki/bin/view/CSO/PmAreaOperations. This form must be completed in full, signed by the requestor’s Director or Executive Director and provided to CCIT’s ISO Director of Data Center Facilities, or selected designee. Upon review and verification of need for access, the Director of Data Center Facilities will establish access and inform the requestor and their Director that access has been granted or denied.

Data Center Access Guidelines: Individuals granted access to the Data Centers will be required to review the CCIT Data Center Usage Guidelines prior to initial access. Failure to adhere to these guidelines shall result in the loss of access privileges. These guidelines cover important procedures such as but not limited to:

  • The west door in the ITC Data Center shall only be used as an emergency exit from the Data Center. Any other use of this door is prohibited.
  • No visitors to the CCIT Data Centers may be left unescorted.
  • No food or drink of any type is permitted in the Data Center.
  • No equipment shall be stored on the raised flooring (non-racked equipment) without the express permission of the Data Center Coordinator.
  • No photographs may be taken in the Data Centers without prior approval from the Director of Data Center Facilities and/or The Office of Information Security and Privacy.

There are various levels of access. Some personnel, because of their job duties, will be able to use their Clemson University ID card to open the North door of the ITC Data Center and the West door of the P&A Data Center. All others who are authorized for access must use the sign-in log and will be asked to present valid identification to the Analyst on duty. Failure to present proper identification may result in denial of access to the Data Center.

Activities within the Data Center shall be restricted, as much as is reasonably possible, to the area where the visitor’s equipment and/or systems are stationed.

Tours of CCIT‟s Data Centers must be requested and coordinated in advance with the ISO Director of Data Center Facilities.

If an unauthorized person is escorted into the Data Center the authorized visitor must remain with that person at all times while they are in the Data Center.

The Data Center is monitored by cameras at all times; therefore, the activities of all individuals in the Data Center shall be recorded. By completing a request form you are expected to know that you, your activities, and anyone you might be in company with are being video recorded.

All visitors are required to report to the Operations Analyst on duty any problems within the Data Center and/or any violation of any Data Center policies or procedures.

Definitions

CCIT Data Center — climate-controlled, physically secured room(s) dedicated to the support of computer systems, network systems, or other related hardware. The CCIT Data Centers are located in the ITC and P&A buildings.

Operations Staff — those individuals tasked with monitoring and other operational tasks related to systems located within a CCIT Data Center. These staff members are in the CCIT ISO Operations unit.

Data Center Coordinator — the designated staff member within ISO Operations responsible for the administration, configuration and environments within the CCIT Data Centers.

Service Manager — the manager of a unit whose services are supported by the system in question, or the manager of the unit responsible for continued maintenance of the system on behalf of the service unit.

System Administrator — the person or persons responsible for technical and software support for the system in question.

Data Centers – the machine room facilities located at the ITC building and the machine room facility located on the basement level Poole building.

ISO — Infrastructure Systems and Operations

 

Revision History

Revision Date Revision Number Change Made Reviewed By
June 08, 2015 1.5 Update of organizational references HWS

 

 

Related Links

Safe Computing

Password Reset

CU Policies: Faculty/Staff

CU Policies: Students

Academic Policies

HR Policies & Procedures

Information Security &
Privacy at Clemson

The Office of Information Security and Privacy is part of CCIT's Customer Services & Information and Privacy department, led by Hal Stone.

In addition to overseeing CCIT information policies and standards, the group serves to inform users and support personnel of possible threats to Clemson University computing resources and to disseminate recovery information quickly so that minimum downtime is experienced.

Related Links

Safe Computing

Password Reset

CU Policies: Faculty/Staff

CU Policies: Students

Academic Policies

HR Policies & Procedures

Information Security &
Privacy at Clemson

The Office of Information Security and Privacy is part of CCIT's Customer Services & Information and Privacy department, led by Hal Stone.

In addition to overseeing CCIT information policies and standards, the group serves to inform users and support personnel of possible threats to Clemson University computing resources and to disseminate recovery information quickly so that minimum downtime is experienced.