Purpose
This Control sets the policy and procedures for implementing the controls and requirements that govern physical and environmental protection of the University of Chicago Enterprise Data Centers.
Scope
This Control applies to the Enterprise Data Centers:
- 1155
- Hinds
- POD-A
- POD-B
- POD-C
- Cloud
- Off-site hosting facility(s) managed by the Enterprise group.
Controls may be reduced for a specific Enterprise Data Center based on the required compliance level and space.
Policy
- IT Services will define, implement, and monitor the required physical and environmental controls meeting the NIST moderate and high levels of support as required, in support of the University's computing needs.
- All systems, staff, faculty, vendors, and others working in the University Enterprise Data Centers will adhere to all related policies and procedures.
Process
- Policies and procedures will be established meeting moderate and high levels as prescribed in NIST Special Publication 800-53 (Rev. 4).
- Data Center policies and procedures will be reviewed and updated annually.
- Data Center policies and procedures will be updated with each new NIST Revision release.
Audit
This and related policies and procedures will be reviewed annually.
Responsibilities
Listed below are the individuals involved with this process and the major scope of their responsibility:
- Executive Director
  - Approver for AUTHORIZED access list
  - Set general policy & process
- Director of Data Center Strategy & Operations
  - Approver for AUTHORIZED access list
  - Set general policy & process
- ITS Data Center Governance
  - Set general policy and process
  - Approve general policy and process
  - Annual review of policy and process
- Operations Staff
  - Implement Access control policy & process
Related Documents
Policy and procedure documents specific to IT Security, Change Management and Backup & Recovery.
- Daily/Weekly/Monthly Data Center Checklists
- Approved vendor/contractor List
- Run Book
- CAB Process
Process Review & Approval
Management will perform an annual review of this process. Based on the review, management may change this process to reflect its intentions and compliance requirements. Both IT Services and business users will be informed of any changes to this process and will be provided with a revised process.