Purpose
This Control sets the requirements which govern monitoring physical access to Enterprise Data Centers
Scope
This Control applies to Staff, Faculty, visitors, contractors, and any requiring access to the University of Chicago Enterprise Data Centers. The scope includes:
- Monitoring Enterprise Data Center physical access
- Intrusion events
The process offers the following Enterprise Data Centers NIST level unless otherwise specified below:
- 1155 – Moderate
- Hinds – Low
- POD-A – Moderate
- POD-B - Moderate
- POD-C - Moderate
Policy
- All Users, AUTHORIZED or UNAUTHORIZED, will comply with these requirements
- Physical access to all Enterprise Data Centers will be monitored via video surveillance
- Additional surveillance will be implemented within Data Centers where required by data protection agreements
- All intrusion events will be reported to and investigated by The University Department of Safety and Security
PROCESS
Monitoring Physical Access
- The Command Center will monitor access to Enterprise Data Center’s with compliance data requirements via campus video surveillance tools
- Campus Department of Safety and Security will record all Enterprise Data Center campers for a minimum of 30 days
- Data Center cameras will record 24x7
- Additional cameras will be implemented monitoring the front and back of cabinets as required by data protection agreements
- Electronic access controls will be added to any cabinet as mandated by a data protection agreement
Responsibilities
- Executive Director for Enterprise Applications and Services
- Support Monitoring Physical Access
- Director Data Center Strategy & Operations
- Implement Monitoring Physical Access
- Command Center
- ITS Data Center Governance
- Approve Monitoring Physical Access
Related Documents
Policy and Procedure documents specific to IT Security, Change Management and Backup & Recovery
Process Review & Approval
Management will perform an annual review of this process. Based on the review, management may change this process to reflect its intentions and compliance requirements. Both IT Services and business users will be informed of any changes to this process and will be provided with a revised process.