DoIT Data Center Access Control Policy

This document details DoIT's data center access control policy.

Table of Contents

1.0 Scope
2.0 Purpose
3.0 Responsibility
4.0 Communication of Policy
5.0 Categories of Access
6.0 Badge Visibility
7.0 Use of Photo and Video Equipment
8.0 Conduct of Authorized Users
9.0 Visitors without Pre-authorized Access
10.0 DC Access Control

1.0 Scope

1.0.1 Document the policy for requesting, reviewing, authorizing, assigning, and maintaining access rights for those who need to perform services or visit Division of Information Technology (DoIT)-managed data centers at the University of Wisconsin-Madison (UW-Madison).

1.0.2 The policy articulated here may at times be joined by access control policies in place at facilities DoIT partners with or purchases physical hosting services from. The policy here will not contradict any of those policies and will presume conformity on the part of the individual wishing to access those facilities with those distinct policies.

2.0 Purpose

2.0.1 In support of UW-Madison DoIT data center data center access and physical security, these policies and procedures provide a strong security strategy that protects DoIT employees, data, and resources entrusted to DoIT by UW-Madison and its customers. These procedures are intended to clarify access requirements for all DoIT-managed data centers.

3.0 Responsibility

3.0.1 UW-Madison DoIT Data Center Access Control is responsible for assigning access rights to individuals for secured areas under its control based on management-approved requests and for issuing all temporary security badges provided to Data Center Access Control by the UW-Madison Police Department (UWPD). Data Center Access Control is the security liaison between UW-Madison, DoIT, and anyone having equipment in DoIT data centers.

4.0 Communication of Policy

4.0.1 All sponsors of individuals with authorized access to DoIT data centers are responsible for ensuring those individuals are aware of and comply with the policies and procedures identified in this document.

4.0.2 All personnel who are authorized to access DoIT data centers must read, understand, and comply with the policies and procedures identified in this document.

5.0 Categories of Access

There are five categories of access to DoIT data centers: Permanent Access, Long-Term Access, Short-Term Access, Escort-Only Access, and Tour Access.
For detailed procedures on obtaining access via any of these categories, see Data Center Access Categories

6.0 Badge Visibility

6.0.1 While in DoIT data centers or related secured areas, badges must be worn with the photos on them visible at all times. Acceptable badge display areas are on the chest or front of either hip.

7.0 Use of Photo and Video Equipment

7.0.1 Taking pictures or video is not allowed within DoIT data centers except by UW employees with Permanent Access.

7.0.2 Exceptions to this policy will be evaluated on a case-by-case basis, and any granted exceptions will require authorization by the Data Center Services manager (or their designee). In such an instance, all pictures or video taken will be reviewed by and require the approval of the Data Center Services manager (or their designee) prior to leaving the secured area.

8.0 Conduct of Authorized Users

8.0.1 All individuals must present their access credentials at each access control point to ensure a valid access event is registered (i.e., no tailgating).

8.0.2 No food or drink is allowed within DoIT data centers.

8.0.3 Visitors may not tamper or interact with equipment that is not theirs.

8.0.4 Individuals must comply with all Data Center Team instructions while in DoIT data centers.

8.0.5 Badges are non-transferable and may not be used by anyone other than the person the badge was originally assigned to.

9.0 Visitors without Pre-Authorized Access

9.0.1 Visitors without pre-authorized access will be asked who they work for, what work they will be doing that requires access, and whether they have DoIT authority to perform that work. The visitor should know who their proper facility escort is, but may not offer that information without being asked.

10.0 DC Access Control

Data Center Access Control assigns and maintains access to DoIT data centers. Data Center Access Control is located in room B332 in the basement of the Computer Sciences and Statistics building at 1210 W Dayton St, Madison, WI 53706. They can be reached by phone at 608-890-3193 or via email at dcaccesscontrol@doit.wisc.edu.