1.10 Datacenter Security Standard

1.10.1. Overview

See purpose.

1.10.2. Purpose

The purpose for this standard is to establish the minimum requirements for controlling physical access to all datacenters, IDFs and MDFs on campus.

1.10.3. Scope

All employees, contractors, consultants, temporary and other workers at Highline College and its subsidiaries must adhere to this standard. This standard applies to server equipment that is owned, operated, or leased by Highline College or registered under a Highline College-owned internal network domain.

1.10.4. Standard

1.10.4.1 No one works in the datacenter without a member of the Infrastructure team accompanying them for the duration of the work.

1.10.4.2 No unannounced visits from Contractors/ Vendors. If we aren’t expecting them they may not get access to the datacenter.

1.10.4.3 Proof of company affiliation: This may be as simple as a company ID.

1.10.4.4 There will be a sign in sheet at the door of the datacenter to record who is there, company name, as well as staff member escorting them.

1.10.4.5 Entire Infrastructure team is to be notified (via slack or other means) of what work is being done and where.

1.10.5. Compliance

1.10.5.1 Compliance Measurement

ITS will verify compliance to this standard through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the standard owner.

1.10.5.2 Exceptions

Any exception to the standard must be approved by ITS in advance.

1.10.5.3 Non-Compliance

An employee found to have violated this standard may be subject to disciplinary action, up to and including termination of employment.

1.10.6. Related Standards, Policies, and Processes

None

1.10.7. Revision History