Approver(s):
Authorizes Release:
Responsible Area:
Review Cycle:
Last Review:
Related Policies and Additional References:
None
Introduction
The Information Services Data Centers house St. Mary’s University’s mission-critical computing and networking resources. These facilities provide a stable, secure environment with enhanced security measures, uninterruptible power supply, high-speed network connectivity, and other essential features.
Purpose
This policy outlines the procedures for maintaining a secure and safe environment within the Data Centers. All individuals working in or visiting the Data Centers must understand and comply with these procedures. The policy is designed to meet industry standards and best practices.
Overview
Access to the Data Centers is controlled to protect the physical resources and enterprise data from unauthorized access, accidental or malicious damage, and theft. Access will only be granted when a legitimate business need is demonstrated. This policy specifies the criteria for granting access to specific individuals or groups.
Failure to follow this policy is considered grounds for dismissal and/or prosecution for University employees, and termination of agreements and subsequent legal action for vendors, consultants, or contractors.
Any questions regarding this policy should be addressed to the Executive Director of Client & Systems Support Services. This policy may be suspended in the event of an emergency requiring access for medical, fire, or police personnel.
Data Center Access
Rattler Card access and unsupervised 24×7 access to the Data Centers will be granted only to individuals with an approved and demonstrated business need for regular access. Those requiring infrequent access will be granted escorted access as needed.
Individuals with unescorted access may escort and supervise unauthorized individuals, provided all individuals are logged on entry and exit. Rattler Cards belonging to authorized individuals cannot be loaned to unauthorized individuals; such action is grounds for disciplinary action. There are no temporary or blank access cards available.
Violations of the Data Center Access Agreement can result in the removal of access. Individuals whose access is revoked may face additional disciplinary actions, pending review by the responsible supervisor.
Levels of Access
Escorted
St. Mary’s University employees, vendors, contractors, and other individuals who have an infrequent need for Data Center access will be granted Escorted status and will not have Rattler Card access. Escorted access will be provided primarily during normal business hours. After-hours escorted access will be granted on an emergency or pre-arranged basis only.
Individuals requesting escorted access must be signed in and out in the Data Center access log by an IS staff member. Escorted individuals are required to provide identification on demand, leave the facility when requested, and not allow any other person access to the Data Center.
In the event of an emergency requiring after-hours access, please contact campus police at: 210-431-1911.
Unescorted
Individuals with a legitimate business need and job requirements necessitating regular access to the Data Center will be granted 24/7 unescorted access. When multiple individuals with unescorted access enter simultaneously, everyone will use their Rattler Card prior to entering to ensure each entry is logged and available for audit. Please refer to Appendix B: Data Center Unescorted Access Procedure for more information.
Data Center Tours
All visitors must sign in and out and must be escorted while touring the Data Centers.
Maintenance and Custodial Staff
University maintenance and custodial staff must be escorted when accessing the Data Centers. All facilities staff must sign the access log upon entering and leaving the Data Center.
University maintenance employees may enter the Data Center unescorted in emergency situations (e.g., water leaks, power issues). Once the emergency is remediated or under control, the access log will be updated retroactively.
First Responders
Campus first responders are granted unescorted access to the Data Centers.
Periodic Review and Termination of Access
The Executive Director of Client & Systems Support or Director Systems Support Services will review the access list annually and remove any individuals who no longer have a legitimate business need to access the Data Centers.
As part of the employee exit procedure, the IS staff will be notified when employees leave the department. An IS Director will request the immediate removal of access rights if the departing employee has Data Center access.
Unauthorized Access Reporting
Any unauthorized access to the Data Center must be reported to the Executive Director of Client & Systems Support Services, who will determine if the incident needs to be reported to the campus police. If the Executive Director is unavailable, contact another member of the IS management team.
Attempts to forcibly enter the Data Center must be immediately reported to campus police.
Any incidents must be documented and stored in the designated location on SharePoint.
Appendices
- Appendix A: Data Center Access Agreement
- Appendix B: Data Center Unescorted Access Procedure
- Appendix C: Unescorted Personnel Access List
- Appendix D: Visitor Access Log
Definitions
Data Centers: Facilities provided by Information Services (IS) housing critical enterprise computing and networking resources of St. Mary’s University.
Data Center Tours: Scheduled visits to Data Centers, requiring sign-in, sign-out, and escort by authorized personnel.
Escorted Access: Access to Data Centers granted to individuals with infrequent needs, requiring supervision by IS staff during entry and exit.
First Responders: Campus personnel authorized for immediate response to emergencies, granted unescorted access to Data Centers.
Maintenance and Custodial Staff: University personnel responsible for facility upkeep and cleanliness, requiring escort and documentation during Data Center access.
Rattler Card: University-issued identification card granting access to Data Centers.
Unescorted Access: Access granted to personnel with demonstrated business needs, allowing 24/7 entry to Data Centers using Rattler Card authentication.