IT FACILITY STANDARD NO. 5 DATA CENTER & IT FACILITY ACCESS

Function Affected:

IT Facilities including data centers and network rooms (BDFs and IDFs)

Issued Date: 06/01/15

Issue Superseded: 12/15/13

Number of Pages: 6

I. Background

The UCSF data centers and network rooms such as BDFs and IDFs are critical to the health care, academic and research missions as well as University business functions. Ensuring the physical security of these facilities is an important way of protecting these critical assets. The primary goal of this standard is to maximize facility security while at the same time enabling access to those who are authorized.

II. Card Key System

Access to the data center and some network rooms is restricted via the UCSF card key system (ProWatch). This campus-wide system is administered by the UCSF Police Department and supported by UCSF Facilities Services. Card key activation and authorization for the data centers is managed by the IT Facilities group. Network room access is managed by the Network Operations group. Access is granted based upon the following criteria:

1. Staff with work assignments inside the facility.

2. System administration staff requiring frequent access to the facility during or outside standard work hours to resolve system problems.

3. UCSF Police Officers

4. Facility Services Technicians supporting the facility

5. Members of the IT Departmental Emergency Operation Center responding to a declared emergency. This access is only available for the 654 Minnesota St. location and is limited to the Command Center portion of the facility.

Overall security is improved by limiting the number of individuals with facility access.

III. Card Key Holder Rules

Those granted card key access must abide by the following rules:

1. UCSF Photo identification badges must be worn above the waist and be clearly visible, at all times.

2. Card keys must not be loaned or used to allow access to any unauthorized person.

3. Access to all secure areas should be handled with the use of a card key. Card Key holders must not access areas for which they do not have approved authorization.

4. Equipment Log – any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment – make, model, description, serial number etc.). The log is to undergo regular review.

5. Card key holders must not touch equipment and supplies belonging to other departments. The IT Facilities group will provide access to tools or other equipment mounting supplies for use at one of the data centers.

6. Lost or stolen card keys must be reported to the card key holder’s manager, IT Facilities at (415) 476-2643 and the UCSF Police Department.

7. Everyone requiring access to the data centers outside of regular business hours (0800 to 1700, M-F) must log in and out.

8. Food, drink or other fluids are not allowed in the IT facility equipment areas.

9. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network rooms.

10. IT facilities are only to be accessed to meet business requirements. Loitering will not be tolerated.

Any rule violation may result in a revoking of card key access.

IV. Authorized Entry Without a Card Key

A database of all individuals with data center access is maintained in the card key system. This database is the record for all access approval and the source of authorization for granting access to individuals who have forgotten or lost their card key. Any authorized individual granted access without a card key is required to log in and out and agree they will adhere to the Data Center and IT Facility Access Standard policy.

The following identification is required for all data center and IT facility visitors without card key access:

1. UCSF staff members: UCSF ID (Campus and Medical Center) along with government issued photo ID

2. Non-UCSF visitors: Associated vendor (company issued employee ID) along with government issued photo ID

V. Vendor and Visitor Access to Perform Work

Work performed by vendors and visitors must be documented in an approved change ticket in ServiceNow. The change ticket must include the following critical information:

GENERAL INFORMATION

1. Change Request #

2. Associated Vendor Ticket/Case #

3. Brief Description of Work to be Performed

4. Company Name Requesting Access (List Individual’s Names in Step #8 Below)

5. UCSF Sponsor Approving Visitor Access

6. UCSF Business Application Owner (if applicable)

7. UCSF Application Admin (if applicable)

INDIVIDUALS (UCSF IT & VISITOR) ASSIGNED TO THE WORK & REQUIRE ACCESS

8. List ALL names (UCSF IT & Visitor’s) - list names, mobile, title & role of those that require access and scheduled to be in the Data Center or Network Closet during CHG or via remote access into system.

Contact Name | Mobile # | Title & Assigned Role

DATE & TIME SCHEDULING

9. Scheduled Date & Time of Arrival for Visitor

10. Planned Date(s) for Visitor Access

11. Planned Hours for Visitor Access (Start/End Time)

VISITOR ONSITE OR REMOTE ACCESS - If Onsite, complete Steps #12-16 and continue to Step #19. If Remote, complete Steps #17-18 and continue to Step #19.

12. ONSITE: Who is Visitor Escort Into Data Center or Network Closet?

13. ONSITE: Will Visitor be supervised entire time? If yes, by who? If no, why?

14. ONSITE: If Visitor NOT supervised entire time, what Director approved unsupervised visit? And, explain why unsupervised.

15. ONSITE: Why can’t Visitor perform work via remote VPN access?

16. ONSITE: Can Visitor perform work at computer adjacent to Data Center? If no, briefly explain.

17. REMOTE: If remote access, is there UCSF oversight throughout entire CHG, e.g., observing Visitor work via WebEx session? If yes, by who? If no, explain why.

18. REMOTE: If Visitor NOT supervised entire time, what Director approved unsupervised remote access? And, explain why unsupervised.

SERVER / SYSTEM CHANGE INFORMATION

19. Host name: ---> LIST ALL HOSTS.

IP: --->

Cabinet: --->

Rack Unit #: --->

20.

   • Are server and/or systems backed up? If not, explain.

   • Provide date of last successful backup.

   • If virtual machine, snapshot required? (Snapshots are deleted 48-hours after capture time)

21. List any other applications on the server. If none, write none.

22. Proceed to (“Visitor Step-by-Step CHG PROCEDURE” section below)

VISITOR’S STEP-BY-STEP CHANGE INFORMATION - INCLUDE VALIDATION & CONTINGENCY PLAN/EXIT STRATEGY

CHG PROCEDURE: VISITOR STEP-BY-STEP PROCEDURE OR ATTACH VISITOR MOP

1.

2.

3.

4.

5.

The change assignee or sponsor must meet the vendor or visitor to escort them and oversee their work.

All vendors, regardless of access authorization status, must sign the log.

Vendors and visitors granted data center access must abide by the following rules:

1. UCSF issued ID must be worn at the waist or above, and clearly visible, at all times.

i. Non-UCSF vendors: Present a company issued employee ID along with government issued photo ID (driver license, passport, etc.)

ii. Non-UCSF visitors: Present a government issued photo ID

2. Access to all secure areas within the data center should be handled with the use of a card key. Vendors and visitors must not attempt to access card-key controlled areas without the appropriate escort.

3. Vendors and visitors must not touch equipment and supplies other than the equipment they are on-site to support that has been documented in the visitor access template and Change Request ticket. If necessary, IT Facilities will facilitate access to tools or other equipment mounting supplies.

4. Equipment Log – Any equipment taken out of the data centers (repair / replacement / de-commissioned, etc.) is to be documented in the log (make, model, description, serial number of the item and if it is part of a system, provide additional info of the parent equipment – make, model, description, serial number etc.). The log is to undergo regular review.

5. Food, drink or other fluids are not allowed in the IT facility equipment areas.

6. All problems or emergency situations must be immediately reported to IT Facilities and Computer Operations for data centers or Network Operations for network facilities.

7. IT facilities are only to be accessed to meet business requirements. Loitering will not be tolerated.

VI. Other Visitors

1. All other visitors must sign the log and be escorted the entire time they are in the facility.

VII. Data Center Card Key Access Review

1. An Outlook calendar reminder is set for the Data Center Card Key Access Authorization Review to occur on the second Friday of the first month of each quarter.

2. The Senior IT Facilities Coordinator pulls the ProWatch authorized access report for the Data Center Card Key controlled doors.

3. The reports are sent to the IT Facilities Manager to review.

4. The IT Facilities Manager instructs the Senior IT Facilities Coordinator to deactivate access for any unauthorized individuals.

5. The IT Facilities Manager posts copies of the quarterly report to UCSF Box IT Facilities folder.
