STANDARD FOR DATA CENTER FACILITY
The University of Texas at San Antonio
Office of Information Technology
Office of Information Security (OIS) Standards
OIS 8 – Standard for Data Center Facility
I. STANDARD STATEMENT
The Office of Information Technology Data Center (OITDC) requires that all customers, contractors, and vendors abide by the following guidelines, which are designed to promote safety and to protect the servers and infrastructure that support the University's operations.
This standard supports HOP Policy 8-12 Information Resources Use and Security Policy.
This standard applies to all UTSA faculty, staff, and students.
If you have any questions about OIS 8 – Standard for Data Center Facility contact the following office:
The Office of Information Security
- OITDC requires that all customers, contractors and vendors abide by the following general guidelines.
- Food, beverages, and smoking are not allowed in the Data Center.
- Doors are not to be propped, blocked, or taped open. All security doors are to be kept locked at all times.
- The FM200 (fire suppression room) is off-limits to unauthorized personnel.
- Umbrellas, rain coats, etc. must be left in the front area to prevent water damage to the equipment or floor.
- No cleaning supplies (including water) are allowed in the Data Center without prior approval.
- Compressed air canisters are not allowed in the Data Center. If it is necessary to cleanse a system by blowing the dust out, it must be done outside the Data Center.
- Only HEPA filter vacuum cleaners may be used in the Data Center, and only on approved isolated power circuits.
- Employees may only access racks containing equipment for which they are responsible.
- Only Data Center staff may install/relocate floor tiles or make adjustments to dampers on vented floors. Floor tiles are not to be removed without prior approval from OITDC management.
- No air handling equipment shall be deployed within the Data Center without prior approval from the OITDC staff. Exception: If the Data Center cooling systems have failed, and it is necessary to safeguard equipment.
- All racks located within the Data Center will have front and rear doors and must be locked at all times. OITDC staff must be provided with keys for all racks and systems to be kept in a secure location and used only in emergency situations.
2. ACCESS TO THE FACILITY
- Only authorized personnel are allowed to enter the Data Center unescorted. "Authorized personnel" is defined as someone who has been granted access to the room via the card access system.
- Non-UTSA employees without a legitimate, work related reason shall not enter the Data Center. Children under the age of 18 are not allowed in the data center under any circumstances.
- Vendors, contractors and other individuals with a need to enter the Data Center (but do not have card access) may be placed on the Approved Access list. All Data Center access is subject to review by the OITDC management. To request inclusion on or removal from the Approved Access list, please email your request to Brent.League@utsa.edu.
- Any UTSA employee who does not have card access, but needs to enter the facility, must present proper identification, sign in and out, and provide a legitimate reason for being in the data center. If Data Center personnel determine that the reason is not legitimate, access will be denied to the Data Center.
- Tours, photographs, videos, etc. are to be cleared in advance with OITDC management.
- Network devices (switches, routers, etc.) must be rack mountable and must not have wireless and DHCP services enabled.
- New equipment must be unboxed and unpacked before it enters the Data Center. The front area of the room is designed to be used as a staging area to facilitate this.
- Rack "U" positions that are not used or filled with rear-facing equipment (i.e. network switches) must be covered with blanking plates to ensure proper routing and distribution of air to and through the equipment in the rack.
- All departments and vendors utilizing the Data Center must keep their areas neat, orderly, and free of refuse (such as discarded equipment boxes, paper, water, packing materials, etc.).
- Do not place anything on or near fire suppression equipment.
- Do not place anything on or within three feet of any transformer or electric panel.
- Do not place anything on top of an air handler.
- Do not block access to or view of safety equipment and signs.
- Do not block any doors in the Data Center.
- During a fire alarm, everyone except authorized fire responders must immediately evacuate the Data Center.
OITDC reserves the right to permanently revoke Data Center access and/or request any visitors or personnel leave the premises should they violate any of these policies.
Effective Date: January 1, 2014
Last Revised: March 15, 2016