Physical Access to Network Operations Center(s)

Purpose

To implement regulations that safeguards the universities valuable data and enterprise computing equipment.

Scope

The scope of this policy is limited to physical access to the IT Network Operation Centers (NOCs).

Background

Traditionally APU has relied upon trust of the various employees within IT to determine whether an individual should have access to the NOC’s. This has proved to be inadequate as network and server stability has become more critical in maintaining an efficient, reliable, and secure environment. The current compliance environment requires that APU secures access to servers and storage devices that contain private and confidential information.

Policy

Physical access will be limited to APU employees whom the Associate Director of Network Services approves to have access to the NOC locations. The criteria for access to the NOC’s will be based on: The individual’s need to work physically with Network, Server, Telecom, related equipment The frequency which the individual will need such access.

If the frequency is less than once per month then the individual will be escorted by an authorized employee who has access.

Enforcement

Card key locks will be maintained on all NOC doors. The access list will be maintained by the Manager of Systems Engineering in cooperation with the university locksmith.

Appeal Process

All appeals will be submitted to the Associate Director of Network Services and then escalated up the business structure for further review.

Exceptions

Facilities Management employees will continue to be granted access to the NOCs via traditional key lock. This access should be used for maintenance of HVAC systems, power, and fire alarm. The use of this access will be audited and reviewed by the Associate Director of Network Services to ensure proper use is being practiced. In case, misuse is detected the Associate Director of Network Services will contact the employee’s manager to discuss the misconduct.