DoIT Data Center Access Control Policy

This document details DoIT's data center access control policy.

Table of Contents

1.0 Scope
2.0 Purpose
3.0 Responsibility
4.0 Communication of Policy
5.0 Categories of Access
6.0 Permanent Access
7.0 Long-Term Access
8.0 Short-Term Access
9.0 Escort-Only Access
10.0 Tour Access
11.0 SEO Staff Offices Access (B332)
12.0 Badge Visibility
13.0 Use of Photo and Video Equipment
14.0 Conduct of Authorized Users
15.0 DC Access Control
16.0 Forms


1.0 Scope

1.0.1 Document the policy and procedures for requesting, reviewing, authorizing, assigning, and maintaining access rights for those who need to perform services or visit Division of Information Technology (DoIT)-managed data centers at the University of Wisconsin-Madison (UW-Madison).

1.0.2 The policy articulated here may at times be joined by access control policies in place at facilities DoIT partners with or purchases physical hosting services from. The policy here will not contradict any of those policies and will presume conformity on the part of the individual wishing to access those facilities with those distinct policies.

2.0 Purpose

2.0.1 In support of UW-Madison DoIT data center access and physical security, these policies and procedures provide a strong security strategy that protects DoIT employees, data, and resources entrusted to DoIT by UW-Madison and its customers. These procedures are intended to clarify access requirements for all DoIT-managed data centers.

3.0 Responsibility

3.0.1 UW-Madison DoIT Data Center Access Control is responsible for assigning access rights to individuals for secured areas under its control based on management-approved requests and for issuing all temporary security badges provided to DC Access Control by the UW-Madison Police Department (UWPD). DC Access Control is the security liaison between UW-Madison, DoIT, and anyone having equipment in DoIT data centers.

4.0 Communication of Policy

4.0.1 All sponsors of individuals with authorized access to DoIT data centers are responsible for ensuring those individuals are aware of and comply with the policies and procedures identified in this document.

4.0.2 All personnel who are authorized to access DoIT data centers must read, understand, and comply with the policies and procedures identified in this document.

5.0 Categories of Access

There are five categories of access to DoIT data centers: Permanent Access, Long-Term Access, Short-Term Access, Escort-Only Access, and Tour Access:
  • 5.1 Permanent Access
    • For UW-Madison employees with a business need to provide services in DoIT data centers
    • Requires a valid Wiscard
    • Requires a UW-Madison supervisor as a sponsor
    • No escort required
    • Refer to section 6.0 for details regarding the acquisition of Permanent Access
  • 5.2 Long-Term Access
    • For contractors/vendors who have long-term support agreements to provide services for equipment in DoIT data centers
    • Requires a DoIT supervisor as a sponsor
    • No escort required
    • Refer to section 7.0 for details regarding the acquisition of Long-Term Access
  • 5.3 Short-Term Access
    • For those with limited-term engagements to provide a defined service over a defined period of time
    • For individuals who are familiar with data center policies
    • Requires Data Center Services manager sponsorship
    • No escort required
    • Refer to section 8.0 for details regarding the acquisition of Short-Term Access
  • 5.4 Escort-Only Access
    • For co-location customers or contractors without long- or short-term access
    • Requires a DC Access Control-approved escort at all times while in DoIT data centers
    • Appointments for access should be scheduled at least 24 hours in advance
    • Badges are issued at the DC Access Control point (refer to section 15) at the time of access
    • Refer to section 9.0 for details regarding the acquisition of Escort-Only Access
  • 5.5 Tour Access
    • For individuals with no primary business need to access DoIT data centers other than for education or demonstration purposes
    • Tour appointments must be scheduled at least 24 hours in advance
    • Badges are issued by the DC Access Control point (refer to section 15)
    • Requires a DC Access Control-approved escort at all times while in DoIT data centers
6.0 Permanent Access

6.0.1 Permanent access is generally approved for UW-Madison DoIT staff when job duties require access to DoIT data centers.
  • 6.1 Obtaining Permanent Access
    • 6.1.1 In order to be granted permanent access to DoIT data centers, the applicant must:
      • 6.1.1.1 Complete the required permanent access request form (obtainable from DC Access Control) and submit it to DC Access Control (refer to section 15).
      • 6.1.1.2 Obtain approval from the requester's supervisor, the Data Center Services manager, and the System Engineering & Operations (SEO) director.
      • 6.1.1.3 Must have a valid Wiscard that is also in the Central Card Access System (CCAS). Refer to WISCARD FAQ for details.
      • 6.1.1.4 The applicant must visit DC Access Control to select a PIN and have approved access areas assigned.
  • 6.2 Maintaining Permanent Access
    • 6.2.1 Badges must not be altered or defaced in any way; badges must not be bent, written on, have anything affixed to, or have holes punched in them. Refer to the WISCARD FAQ.
    • 6.2.2 The individual's supervisor must immediately report any change in job duties or employment status to DC Access Control that would change the need to have data center access.
  • 6.3 Replacing Permanent Access Badges
    • 6.3.1 Lost or stolen badges must be immediately reported to DoIT Data Center Access Control via email at dcaccesscontrol@doit.wisc.edu or by phone at 608-890-3193.
    • 6.3.2 For damaged, lost, or stolen badges, get a replacement Wiscard. Refer to WISCARD FAQ.
    • 6.3.3 Notify DC Access Control when a replacement Wiscard is issued so access rights can be transferred to your new Wiscard.
    • 6.3.4 If required, a temporary badge will be issued by DC Access Control until the replacement Wiscard is obtained. Refer to section 8.0.1.
7.0 Long-Term Access

7.0.1 Long-Term Access is generally granted to vendors who have annual support contracts to perform routine and emergency support of hardware and software used in DoIT data centers.
  • 7.1 Obtaining Long-Term Access
    • 7.1.1 Requests for long-term access must be initiated by a DoIT sponsor using the long-term access request form, available from DC Access Control (refer to section 15).
    • 7.1.2 DC Access Control will process each request.
    • 7.1.3 UWPD will issue approved badges:
      • 7.1.3.1 To obtain long-term badges, individuals requesting access must visit UWPD Access Control, located at 1429 Monroe St, using the side entrance. Refer to UWPD Access Control.
      • 7.1.3.2 Individual must present government-issued photo identification to UWPD Access Control.
    • 7.1.4 The applicant must visit DC Access Control with the badge to have a PIN and approved access areas assigned.
  • 7.2 Maintaining Long-Term Access
    • 7.2.1 Badges must not be altered or defaced in any way; badges must not be bent, written on, have anything affixed to, or have holes punched in them.
    • 7.2.2 The individual's DoIT sponsor must immediately report any change in job duties or employment status to DC Access Control that would change the need to have data center access.
    • 7.2.3 The individual must retain sole possession of the badge for the duration of their approved use. The individual is responsible for badge use. Badge use is not transferable and cannot be shared.
  • 7.3 Replacing Long-Term Access Badges
    • 7.3.1 Lost or stolen badges must be immediately reported to DoIT Data Center Access Control via email at dcaccesscontrol@doit.wisc.edu or by phone at 608-890-3193.
    • 7.3.2 If a card is damaged, lost, or stolen, it must be reported to DC Access Control. A replacement badge can be obtained from UWPD Access Control. Refer to section 7.1.3.
    • 7.3.3 If a replacement badge cannot be obtained within an appropriate amount of time, a temporary badge can be issued by DC Access Control. Refer to section 8.0.1.
  • 7.4 Returning Long-Term Access Badges
    • 7.4.1 A badge assigned to an individual is non-transferable and may not be used by anyone other than the assigned badge holder.
    • 7.4.2 Return the badge to DC Access Control (refer to section 15).
8.0 Short-Term Access

8.0.1 Short-Term access is generally assigned to those who only require data center access for short-term project work.

Short-term badges can sometimes be issued as temporary replacements to previously-approved individuals who currently don't have their assigned badge or are in the process of replacing a lost, stolen, or damaged badge.
  • 8.1 Obtaining Short-Term Access
    • 8.1.1 Requests for short-term badges must be initiated at the direction of the Data Center Services manager using the short-term access request form available from DC Access Control (refer to section 15).
    • 8.1.2 DC Access Control will process each request.
    • 8.1.3 DC Access Control will issue approved short-term badges.
    • 8.1.4 The applicant must visit DC Access Control to obtain the badge and a PIN. The applicant will have to present government or UW-issued identification.
  • 8.2 Maintaining Short-Term Access
    • 8.2.1 Badges must not be altered or defaced in any way; badges must not be bent, written on, have anything affixed to, or have holes punched in them.
    • 8.2.2 The individual must retain sole possession of the badge for the duration of their approved use. The individual is responsible for badge use. Badge use is not transferable and cannot be shared.
  • 8.3 Replacing Short-Term Access Badges
    • 8.3.1 Lost or stolen badges must be immediately reported to DoIT Data Center Access Control via email at dcaccesscontrol@doit.wisc.edu or by phone at 608-890-3193.
    • 8.3.2 If a card is damaged, lost, or stolen, it must be reported immediately to DC Access Control. A replacement will be issued at DC Access Control. Refer to section 8.0.1.
  • 8.4 Returning Short-Term Access Badges
    • 8.4.1 A badge assigned to an individual is non-transferable and may not be used by anyone other than the individual the badge was assigned to.
    • 8.4.2 Surrender the badge to DC Access Control (refer to section 15) upon request.
9.0 Escort-Only Access

9.0.1 Escort-only access is generally for co-location customers, contractors, or vendors who have not been approved for short- or long-term access. This is typically for situations where less than one day of work needs to be performed. The work will be monitored at all times by a DC Access Control-approved escort.
  • 9.1 Obtaining Escort-Only Access
    • 9.1.1 Requests for escorted access to DoIT data centers must be arranged by communicating with the individual's DoIT contact, who will facilitate scheduling with DC Access Control.
    • 9.1.2 Requests should be scheduled with DC Access Control at least 24 hours in advance.
    • 9.1.3 Escorted groups will be limited to three individuals.
    • 9.1.4 The escort will be a DoIT employee with Permanent Access.
    • 9.1.5 Individuals with approved Escort-Only Access must sign in, obtain an Escort-Only badge, and meet their escort. Government or UW-issued photo identification will be required.
  • 9.2 Returning Escort-Only Access Badges
    • 9.2.1 When the work is finished, the individuals must return their badges and sign out at DC Access Control.
10.0 Tour Access

10.0.1 Tours of a DoIT data center are granted under limited circumstances. Tours are for educational purposes and are for viewing only.
  • 10.1 Obtaining Tour Access
    • 10.1.1 Requests for tours must be arranged with DC Access Control in person, by phone, or via email (refer to section 15). Include the purpose of the tour, names of those attending, and preferred dates and times.
    • 10.1.2 Tours must be approved by the Data Center Services manager (or their designee).
    • 10.1.3 Tours must be requested at least five business days in advance.
    • 10.1.4 A Data Center Team tour guide will coordinate the tour.
    • 10.1.5 Approved tour groups will meet their tour guide, sign in, and be issued their tour badge(s). Individuals in the tour group will be required to present government or UW-issued photo identification.
    • 10.1.6 The tour will be escorted at all times when in DoIT data centers.
  • 10.2 Returning Tour Badges
    • 10.2.1 When the tour is finished, the individuals must return their badges and sign out.
11.0 SEO Staff Offices Access (B332)

11.0.1 Access will be maintained at the same level defined in section 6.0.

12.0 Badge Visibility

12.0.1 While in DoIT data centers or related secured areas, badges must be worn with the photos on them visible at all times. Acceptable badge display areas are on the chest or front of either hip.

13.0 Use of Photo and Video Equipment

13.0.1 Taking pictures or video is not allowed within DoIT data centers except by UW employees with Permanent Access.

13.0.2 Exceptions to this policy will be evaluated on a case-by-case basis, and any granted exceptions will require authorization by the Data Center Services manager (or their designee). In such an instance, all pictures or video taken will be reviewed by and require the approval of the Data Center Services manager (or their designee) prior to leaving the secured area.

14.0 Conduct of Authorized Users

14.0.1 No food or drink is allowed within DoIT data centers.

14.0.2 Visitors may not tamper or interact with equipment that is not theirs.

14.0.3 Individuals must comply with all Data Center Team instructions while in DoIT data centers.

14.0.4 Badges are non-transferable and may not be used by anyone other than the person the badge was originally assigned to.

14.0.5 All individuals must present their access credentials at each access control point to ensure a valid access event is registered (i.e., no tailgating).

15.0 DC Access Control

DC Access Control assigns and maintains access to DoIT data centers. DC Access Control is located in room B332 in the basement of the Computer Sciences and Statistics building at 1210 W Dayton St, Madison, WI 53706. They can be reached by phone at 608-890-3193 or via email at dcaccesscontrol@doit.wisc.edu.

16.0 Forms

Permanent
Long-Term
Short-Term



Keywords: data center access control policy physical door security
Doc ID: 22335
Owner: Christopher L.
Group: DCTeam
Created: 2012-01-20 11:37 CDT
Updated: 2018-01-31 10:13 CDT
Sites: DCTeam, DoIT Help Desk, DoIT Staff