IT/PPS 08.01 - Electronic and Key Access to Data Centers
Electronic and Key Access to Data Centers
IT/PPS No. 08.01
Issue No. 6
Effective Date: 3/02/2023
Next Review Date: 3/01/2024 (EY)
Sr. Reviewer: Associate Vice President for Technology Resources
POLICY STATEMENT
Texas State University is committed to ensuring the safety and security of assets located within data centers.
BACKGROUND INFORMATION
The Division of Information Technology (IT) operates multiple data centers on the Texas State University – San Marcos campus. The following procedures ensure that physical access to those data center facilities is controlled and that the list of individuals with physical access is periodically reviewed.
This policy establishes procedures for granting electronic and key access to data centers and for the periodic review of physical access to the data centers operated by IT.
PROCEDURES FOR ELECTRONIC DOOR ACCESS CONTROL
Ingress Management Services controls access to data center facilities on the Texas State – San Marcos campus by physical key access or the electronic door access control system.
Ingress Management Services is responsible for granting personnel access to specific doors controlled by the electronic door access control system.
Ingress Management Services shall grant users electronic card access to the data center facilities only with written authorization from IT.
In March and October annually, IT management shall obtain a list from Ingress Management Services and review personnel granted electronic card access to the data center facilities. The purpose of this review is to identify and remove access to any person who may no longer have a business need for physical access.
Based on the periodic review, IT management shall document any requisite changes to the list of authorized personnel and request those changes in writing from Ingress Management Services.
IT management shall maintain written documentation of these semi-annual reviews and requested changes for a period of two years.
PROCEDURES FOR ISSUING KEYS
In the case that the electronic door access control system is not functioning, the doors controlling access to the data center may be opened using keys.
Keys may be issued to individuals.
Shared keys may be issued to an electronic key box, and individuals may be granted access to check out keys on an as-needed basis.
Ingress Management Services is responsible for issuing keys and managing access to keys in the electronic key boxes.
Ingress Management Services shall issue keys to the data center facilities only with written authorization from IT management.
In March and October annually, IT management shall obtain a list from Ingress Management Services and review personnel issued a key to the data center facilities. The purpose of this review is to identify and remove key access to any person who may no longer have a business need for physical access.
Based on the periodic review, IT management shall document any requisite changes to the list of authorized personnel and request those changes in writing from Ingress Management Services.
IT management shall maintain written documentation of these semi-annual reviews and requested changes for a period of two years.
REVIEWERS OF THIS PPS
Reviewers of this PPS include the following:
Position Date Associate Vice President for Technology Resources March 1 EY Chief Information Security Officer March 1 EY Vice President for Information Technology March 1 EY
CERTIFICATION STATEMENT
This PPS has been reviewed by the following individuals in their official capacities and represents Texas State Information Technology policy and procedure from the date of this document until superseded.
Associate Vice President for Technology Resources; senior reviewer of this PPS
Vice President for Information Technology