Skip to end of metadata
Go to start of metadata

1.0 Overview

This policy is designed to outline the security requirements for the University's datacenters and define the levels of access that are permitted based on job duty.   Make a test edit.

2.0 Purpose

This policy provides specific access guidelines and permissions to the University's datacenters based on business need.

3.0 Scope

This policy impacts any individual who currently has access or has requested access to any of the University's datacenters.

4.0 Policy

The datacenter is to remain secured at all times.  At no time should a door be left ajar and un-tended.  Individuals requiring access to the datacenter must request this access via the Directors of IT Operations or the CIO.  Access will be granted for those who can demonstrate a need to access the datacenter to adequately perform their job duties. 

Those authorized to enter the datacenter will be issued an access card.  This card will unlock the datacenter door(s) based on the rules set forth in this document. 

Guests may access the datacenter while accompanied by an authorized user.  This authorized user is responsible for any actions of the guest, and may not at any time leave the guest in the datacenter unsupervised without prior approval of the Directors of IT Operations or the CIO.

Datacenter users will be placed into one of these categories with the resulting level of access:

  • Campus Safety and Security
    • This group includes all members of the Campus Safety and Security staff.
  • Full-Access Staff Members
    • This group is comprised of all OIT staff members that are directly responsible for one or more systems housed within the datacenter, participate in the on-call schedule and the CIO.  Access to the datacenter is granted to these individuals at any time.
  • Student employees
    • This group is comprised of student employees who need to access the datacenter during the normal course of their duties.  Access will be granted during each student’s normal working hours - business hours only.
  • Temporary/Vendors
    • This group consists of a small number of cards that may be loaned out to vendors or other individuals who require temporary access to the datacenter.  Cards may be requested from the Technical Director of IT Operations.  The requestor will assume responsibility for all actions of the recipient, and are additionally responsible to ensure that the card is returned or deactivated immediately when the need for access is no longer present.

 Those having access to the datacenter also have the responsibility to report suspected unauthorized access to the CIO (or the Directors of IT Operations in the CIO’s absence).  The CIO will initiate an investigation into all reports of unauthorized access.

5.0 Enforcement

Failure to follow this policy will result in the offender(s) being subject to disciplinary action up to and including dismissal.  Individuals who gain access to the datacenter by means other than those outlined in this document will be considered trespassing and will be referred to Human Resources, the Dean of Students and/or local law enforcement as appropriate.

6.0 Definitions