
Data Center & Operations - Access Control Process - 6045, POD-B Data Center

This article describes the process that sets the controls and requirements governing physical access to the IT Services 6045 South Kenwood Data Center, POD-B. This Data Center is a secure area housing University equipment that supports High Performance Research (HPC), Research Computing, and Big Data. These controls also support the HIPAA and FISMA compliance requirements.

Physical Access

  1. A "sign in" log will be located at the “Man Trap” entrance for all entering the data center.
  2. Every UNAUTHORIZED visitor entering the data center is required to sign in/out.
  3. The log history will be maintained for no less than 18 months.
    1. Fields to be included in the sign-in log: Date, User, Purpose / CAB (Change Authorization Board) ticket, Time in, Time out.
    2. See the Sample Sign-in.
  4. Access to all secured areas requires the use of an AUTHORIZED University of Chicago ID card or assigned contractor card, or escort by an AUTHORIZED person.
  5. Upon completion of work or a visit, each person is to complete the "sign out" section of the log book.

Authorized/Unauthorized access/Vendor authorization

  1. AUTHORIZED users are allowed unsupervised access and can escort UNAUTHORIZED visitors in POD-B.
  2. Every AUTHORIZED user will badge both in and out of the Data Center. No “coat tailing” is to be allowed.
  3. AUTHORIZED Data Center access for system administrators and contractors shall be granted via a person's manager submitting a ticket through ServiceNow.
  4. Alternatively, groups may also submit either the Authorized Access Request Form or the Contractor Authorized Access Request Form.
  5. AUTHORIZED approval to be granted by any of the following:
    1. CIO
    2. Executive Director for Enterprise Applications and Services (EAS)
    3. Director, Enterprise Applications and System Operations
    4. Senior Consultant for Data Center Strategies
  6. Approved access authorization request forms will be returned to the Operations staff, who will maintain the approved access list.

Emergency Access

  1. Emergency access will automatically be allowed to those previously granted AUTHORIZED access.
  2. Non-authorized access users must be escorted by the operations staff or an AUTHORIZED service owner during an Emergency repair.
  3. When possible, Fire, Police, and Campus Police will be escorted through secure areas. In the event escorting is prevented by these groups, no other access will be allowed until general access is granted by Campus Police.

Access Termination

  1. Termination notifications from the Human Resources department will be received by the Command Center.
  2. For confidential cases (terminations, RIFs, and the like), a member of the Management team will remove access to POD-B.
  3. The Command Center will process "Quick Closure" notifications from Central HR according to the Quick Closure process.
  4. For non-confidential termination or mutual separation, access will be removed by the Command Center.
  5. The disable activity, including timestamp, is logged in the card system. Cards become unusable at the point they are removed from the system.

HIPAA

  1. Completion of the online HIPAA training is required before a person is granted AUTHORIZED access to POD-B.
  2. There is no HIPAA retraining requirement at this time.

Audit

  1. Quarterly reviews of the access logs (electronic and written log book) and the authorized access list will be performed by the Data Center Operation team and will be made available to OLG personnel at their request.



Keywords: dc, datacenter, HIPAA, FISMA   Doc ID: 42254
Owner: Raymond P.   Group: University of Chicago
Created: 2014-07-28 15:30 CDT   Updated: 2017-04-27 11:41 CDT
Sites:University of Chicago, University of Chicago - Sandbox