Skip to body

Information Services

Computer Center Access & Maintenance Policy

INFORMATION SERVICES DEPARTMENT

Title: Computer Center Access & MaintenanceNumber:
PL301.0
Eff: 3/1/04
Rev: 02/26/14

Purpose:
The purpose of this policy is to ensure the physical security of the Central Washington University (CWU) Computer Center.  The Computer Center houses the central computing resources for the University including the Computer Operations Center, Network Operations Center, and Telecommunications Center.  It is the responsibility of the Information Services (IS) Department to maximize physical security of this location to assure the highest level of availability and reliability of CWU’s Information Technology (IT) services and resources.

Policy:
This policy applies to anyone requiring access to the CWU Computer Center including, but not limited to, CWU employees, CWU students, contractors, vendors, guests, volunteers or business partners.

1. The Information Services department shall develop physical access authorization standards for employees and personnel that require access to the Data Centers.

Information Services shall be responsible for developing the methods for authorization of personnel who frequently access the computer centers and for personnel that need physical access from time to time.

2. Employees of CWU that routinely access the Computer Centers shall be authorized by the Information Services Department.

In an effort to ensure secure access by authorized staff on a regular basis, Departments requiring routine access shall obtain authorization for Information Services according to established standards.

3. The name and location of the Computer Center shall remain anonymous to the greatest extent possible.

The building, physical location, and other identifying characteristics shall remain anonymous in order to protect its location from unauthorized access and activities.  All references are protected from public disclosure as critical computing assets pursuant to RCW 42.56.420.


4. All personnel requiring access to the Computer Centers shall register at the main Operations Desk.
All personnel requiring access to the CWU Computer Center who are not permanently assigned to the Computer Center are required to register at the main Operations Desk prior to being granted access.  Individuals without prior authorization shall be escorted.  Individuals  will register by notifying the operations staff of their need to access the facility and by logging the following information into the CWU Computer Center Access Log:
• Name (Full name printed);
• Signature;
• Department/Company name;
• Phone number or University extension;
• Purpose of visit/access;
• Time In/Time Out.
Personnel accessing the facility whose work/purpose has the potential to impact the operational status or integrity of the Computer Center are required to: 1) Schedule the work in advance, 2) Provide IS Operations Staff with a description of the work to be accomplished 3) Document to the change(s) to be made, and 4) Coordinate work schedule with IS Operations Staff.  Areas of work which impact the operational status or integrity of the facility may include, but not be limited to:
• Network and data integrity;
• Air Conditioning and Air Handling equipment;
• Power including street, generator, battery backup and local service;
• Telecommunication Services;
• Fire Suppression.
• Plumbing and drainage.

5. Emergency Situations: In the event of an emergency during hours when the Computer Centers are not staffed, authorized personnel requiring access may do so without notification.

Emergency situations are limited to events which are highly likely to adversely impact the operational integrity of the Computer Center, or may result in equipment damage or personnel injury.  Personnel are to register and notify IS Operations Staff at the earliest convenience with the specifics of the emergency and any work performed.

6. Enforcement: Only personnel with a business need to enter the facility shall be granted access.  IS Management and/or its delegated staff is authorized to deny access to any individual who does not have a business need for access or who violates this policy.  Policy violations will lead to disciplinary action.