sources, and are modeled on best practices by other universities such as the University of
Washington and CIC partners.
Working with the UW Police Department (UWPD) and UW Facilities Planning & Management
(FP&M) staff, the following recommendations have been implemented:
1. Simplify management of control systems and establish business procedures across DoIT,
UWPD, and FP&M. A single authority should grant and audit access to the data centers.
2. Establish a process for review and authorization of staff to access data center facilities.
Access levels should include permanent, long-term, short-term, escort-only, and a special
category for tours and special events.
3. Eliminate the mix of physical key and card-reader access through the use of card-reader-only
access. Two-factor authentication (card-reader and PIN) should be used at key
access points to critical facilities to provide protection in case an ID badge is lost.
4. Eliminate all hard key access except for a special master key held by UW Police &
Security staff. This includes removing key access for building managers.
5. Provide a two-stage access control barrier before an individual reaches the data center.
Utilize the SEO front office area as an access control point. Maintain entry/exit log books
at this location. Triage requests for access to appropriate parties (requests for badge
access, requests for escort access, requests for tours or special events).
6. Eliminate the use of the B347 conference room for activities other than those necessary
for SEO operations. Minimize extraneous traffic in the main access hallway to the data
center.
7. Increase auditable video surveillance. Provide video coverage for all essential facilities,
access points, and sensitive areas. Provide periodic audits that video access records match
card reader records to ensure that all staff swipe in and out of sensitive areas and that we
do not have unauthorized people "piggybacking" on an authorized individual's access.
8. Provide visible video monitoring for operations and other key staff. This provides a
safety service for those staff needing to leave the secured area for shift changes, restroom,
food/beverage, and other breaks.
9. Provide alarm and notification systems to mark unauthorized access or egress with
appropriate escalation by SEO staff and by UW Police. UW Police will conduct access
policy enforcement as SEO staff are not in a position to intervene in a problem situation.
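The periodic audit in recommendation 7 can be run as a reconciliation of two logs: card-reader events and crossings counted during video review. The following is an added example, not part of the original policy; the record layouts, badge IDs, door name, and 10-second matching window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=10)  # assumed tolerance between camera and reader clocks

# Constructed card-reader log: (time, badge, door, direction)
SWIPES = [
    ("2024-03-01 08:00:05", "B1001", "DC-MAIN", "in"),
    ("2024-03-01 08:30:10", "B1002", "DC-MAIN", "in"),
    ("2024-03-01 09:15:00", "B1001", "DC-MAIN", "out"),
    ("2024-03-01 10:02:00", "B1002", "DC-MAIN", "in"),  # second "in", no "out" between
]
# Constructed video review log: (time, door, direction, people seen crossing)
VIDEO = [
    ("2024-03-01 08:00:07", "DC-MAIN", "in", 1),
    ("2024-03-01 08:30:12", "DC-MAIN", "in", 2),   # two people, one swipe
    ("2024-03-01 09:15:02", "DC-MAIN", "out", 1),
    ("2024-03-01 09:40:00", "DC-MAIN", "out", 1),  # exit with no swipe
    ("2024-03-01 10:02:03", "DC-MAIN", "in", 1),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def unswiped_crossings(swipes, video, window=WINDOW):
    """Video crossings where more people passed than badges were read."""
    findings = []
    for when, door, direction, people in video:
        matched = [b for t, b, d, dr in swipes
                   if d == door and dr == direction
                   and abs(ts(t) - ts(when)) <= window]
        if people > len(matched):
            findings.append((when, door, direction, people - len(matched)))
    return findings

def unpaired_swipes(swipes):
    """Swipes that break the in/out alternation for a badge."""
    last, findings = {}, []
    for when, badge, door, direction in sorted(swipes, key=lambda s: ts(s[0])):
        # A badge with no history is treated as outside the secured area.
        if last.get(badge, "out") == direction:
            findings.append((when, badge, direction))
        last[badge] = direction
    return findings

if __name__ == "__main__":
    for f in unswiped_crossings(SWIPES, VIDEO):
        print("more people than swipes:", f)
    for f in unpaired_swipes(SWIPES):
        print("in/out sequence broken:", f)
```

The two checks corroborate each other: the unswiped exit at 09:40 and the repeated "in" for badge B1002 at 10:02 point to the same missed swipe-out.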
Addressing these points has led to physical and policy modifications for the data centers.
Physical changes include: door/latch reinforcement, additional access control points, two-factor
PIN pad installation, additional cameras, security glass, door alarming, hardened keyways, a DC
Access Control check-in window, and other physical space modifications. These changes have
largely been completed. Video monitoring has been increased with visible displays in the
operator's area and at the main SEO reception desk. Specific duties related to data center security
have been written into the position description for the SEO program assistant located in B332.
1.0 Scope
1.0.1 Document the policy and procedures for requesting, reviewing, authorizing, assigning, and
maintaining access rights for those who need to perform services or visit Division of Information
Technology (DoIT)-managed data centers at the University of Wisconsin-Madison (UW-Madison).
2.0 Purpose
2.0.1 In support of UW-Madison DoIT data center access and physical security, these
policies and procedures provide a strong security strategy that protects DoIT employees, data,
and resources entrusted to DoIT by UW-Madison and its customers. These procedures are
intended to clarify access requirements for all DoIT-managed data centers.
3.0 Responsibility
3.0.1 UW-Madison DoIT Data Center Access Control is responsible for assigning access rights to
individuals for secured areas under its control based on management-approved requests and for
issuing all temporary security badges provided to DC Access Control by the UW-Madison Police
Department (UWPD). DC Access Control is the security liaison between UW-Madison, DoIT,
and anyone having equipment in DoIT data centers.
4.0 Communication of Policy
4.0.1 All sponsors of individuals with authorized access to DoIT data centers are responsible for
ensuring those individuals are aware of and comply with the policies and procedures identified in
this document.
4.0.2 All personnel who are authorized to access DoIT data centers must read, understand, and
comply with the policies and procedures identified in this document.
5.0 Categories of Access
There are five categories of access to DoIT data centers: Permanent Access, Long-Term Access,
Short-Term Access, Escort-Only Access, and Tour Access:
6.1.1.3 Must have a valid Wiscard that is also in the Central Card Access
System (CCAS). Refer to http://www.wiscard.wisc.edu/service.html for
details.
6.1.1.4 The applicant must visit DC Access Control to select a PIN and
have approved access areas assigned.
7.1.4 The applicant must visit DC Access Control with badge to have a PIN and
approved access areas assigned.
7.2.1 Badges must not be altered or defaced in any way; badges must not be bent,
written on, have anything affixed to, or have holes punched in them.
7.2.2 The individual's DoIT sponsor must immediately report any change in job
duties or employment status to DC Access Control that would change the need to
have data center access.
7.2.3 The individual must retain sole possession of the badge for the duration of
their approved use. The individual is responsible for badge use. Badge use is not
transferable and cannot be shared.
12.0.1 While in DoIT data centers or related secured areas, badges must be worn with the photos
on them visible at all times. Acceptable badge display areas are on the chest or either front hip.
13.0 Use of Photo and Video Equipment
13.0.1 Taking pictures or video is not allowed within DoIT data centers except by DoIT
employees with Permanent Access.
13.0.2 Exceptions to this policy will be evaluated on a case-by-case basis, and any granted
exceptions will require authorization by the DC&SCS manager (or their designee). In such an
instance, all pictures or video taken will be reviewed by and require the approval of the
DC&SCS manager (or their designee) prior to leaving the secured area.
14.0 Conduct of Authorized Users
14.0.1 No food or drink is allowed within DoIT data centers.
14.0.2 Visitors may not tamper or interact with equipment that is not theirs.
14.0.3 Individuals must comply with all Data Center Team instructions while in DoIT data
centers.
14.0.4 Badges are non-transferable and may not be used by anyone other than the person the
badge was originally assigned to.
14.0.5 Individuals must present their access credentials at each access control point to ensure a
valid access event is registered (i.e., no tailgating).
15.0 DC Access Control
DC Access Control assigns and maintains access to DoIT data centers. DC Access Control is
located in room B332 in the basement of the Computer Sciences and Statistics building at 1210
W Dayton St, Madison, WI 53706. They can be reached by phone at 608-890-3193 or via email
at dcaccesscontrol@doit.wisc.edu.
Forms
Permanent
Long-Term
Short-Term