IT/PPS 08.01 - Electronic and Key Access to Data Centers

Electronic and Key Access to Data Centers

IT/PPS No. 08.01
Issue No. 7
Effective Date: 7/03/2024
Next Review Date: 3/01/2029 (E5Y)
Sr. Reviewer: Associate Vice President for Technology Resources

POLICY STATEMENT

Texas State University is committed to ensuring the safety and security of assets located within data centers.

SCOPE
1. The Division of Information Technology (IT) operates multiple data centers on the Texas State University – San Marcos campus. The following procedures ensure that physical access to those data center facilities is controlled and that the list of individuals with physical access is periodically reviewed.
2. This policy establishes procedures for granting electronic and key access to data centers and for the periodic review of physical access to the data centers operated by IT.
PROCEDURES FOR ELECTRONIC DOOR ACCESS CONTROL
1. Ingress Management Services controls access to data center facilities on the Texas State – San Marcos campus by physical key access or the electronic door access control system.
2. Ingress Management Services is responsible for granting personnel access to specific doors controlled by the electronic door access control system.
3. Ingress Management Services shall grant users electronic card access to the data center facilities only with written authorization from IT.
4. In March and October annually, IT management shall obtain a list from Ingress Management Services and review personnel granted electronic card access to the data center facilities. The purpose of this review is to identify and remove access to any person who may no longer have a business need for physical access.
5. Based on the periodic review, IT management shall document any requisite changes to the list of authorized personnel and request those changes in writing from Ingress Management Services.
6. IT management shall maintain written documentation of these semi-annual reviews and requested changes for a period of two years.
PROCEDURES FOR ISSUING KEYS
1. In the case that the electronic door access control system is not functioning, the doors controlling access to the data center may be opened using keys.
  1. Keys may be issued to individuals.
  2. Shared keys may be issued to an electronic key box, and individuals may be granted access to check out keys on an as-needed basis.
2. Ingress Management Services is responsible for issuing keys and managing access to keys in the electronic key boxes.
3. Ingress Management Services shall issue keys to the data center facilities only with written authorization from IT management.
4. In March and October annually, IT management shall obtain a list from Ingress Management Services and review personnel issued a key to the data center facilities. The purpose of this review is to identify and remove key access to any person who may no longer have a business need for physical access.
5. Based on the periodic review, IT management shall document any requisite changes to the list of authorized personnel and request those changes in writing from Ingress Management Services.
6. IT management shall maintain written documentation of these semi-annual reviews and requested changes for a period of two years.
REVIEWERS OF THIS PPS
1. Reviewers of this PPS include the following:
  
  Position Date
  
  Associate Vice President for Technology Resources March 1 E5Y
  
  Chief Information Security Officer March 1 E5Y
  
  Vice President for Information Technology March 1 E5Y
CERTIFICATION STATEMENT

This PPS has been reviewed by the following individuals in their official capacities and represents Texas State Information Technology policy and procedure from the date of this document until superseded.

Associate Vice President for Technology Resources; senior reviewer of this PPS

Vice President for Information Technology

Position	Date
Associate Vice President for Technology Resources	March 1 E5Y
Chief Information Security Officer	March 1 E5Y
Vice President for Information Technology	March 1 E5Y