View Current

IT Server Room Access Procedures

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Overview

(1) This procedure outlines the processes to be followed when granting or revoking access to the ITD Server Rooms. The procedure also covers the responsibilities and requirements for University Representatives when accessing the University's ITD Server Rooms.

Top of Page

Section 2 - Scope

(2) The NSW State Auditor requires that access to University ITD server rooms is strictly controlled, monitored and logged. The server rooms are classified as a restricted area containing sensitive and business critical data and services. The procedures outlined in this document are applicable to all University Representatives who have access to University ITD server rooms.

Top of Page

Section 3 - Procedure

Approval

(3) The Director Information Technology, Associate Director Infrastructure Services or the IT Security Manager may grant or revoke access to the University IT Server Rooms.

Submitting the Approved Form

(4) All requests for ITD Server Room access must be made using the ITD Server Room Access Request form.

(5) The approved, form should be submitted to IT Business Services in person or via email to itoffice@une.edu.au

Responsibilities

(6) IT Business Services will ensure that the ITD Server Room Access Request Form has been completed and approved in accordance with this procedure.

(7) IT Business Services will arrange for access to be added to the University ID card for the time period specified on the approved form.

(8) If the person making the request does not have a University ID card, IT Business Services will issue a temporary IT Visitor card with the access privileges for the time period specified on the approved form.

(9) IT Business Services will confirm, in writing via email, to the UNE Representative that access has been added to their University ID card or IT Business Services will, in writing via email, request the University Representative to collect the IT Visitor Card and sign for the collection on the space provided on the approved IT Server Room Access Request form.

(10) The UNE Representative must return the IT Visitor Card to IT Business Services upon expiration of the time period specified on the approved ITD Server Room Access Request form or upon the written request of the Director Information Technology, Associate Director Infrastructure Services or the IT Security Manager. Irrespective of the circumstances upon which the IT Visitor Card is returned the University Representative must sign the ITD Server Room Access Request form, lodged with IT Business Services, indicating the return.

(11) UNE Representatives must use their University ID card to access the IT Server Rooms whenever card access is operational.

(12) An ITD Server Room key is available to approved ITD staff via the ITD Keywatcher system. The key will only be used if card access is not available. Sections 16, 17 and 18 of this Procedure apply to the use of this key.

(13) Keys to ITD server rooms will only be issued under special circumstances and requested via the IT Server Room Access Request form and approved by the Director Information Technology, Associate Director Infrastructure Services or IT Security Manager.

(14) IT Business Services will request, in writing via email, the University Representative to collect the ITD server room key as specified on the approved form and sign for the collection of the key on the space provided on the approved ITD Server Room Access Request form.

(15) The University Representative must return the key to IT Business Services upon expiration of the time period specified on the approved ITD Server Room Access Request form or upon the written request of the Director Information Technology, Associate Director Infrastructure Services or the IT Security Manager. Irrespective of the circumstances upon which the key is returned the UNE Representative must sign the ITD Server Room Access Request form, lodged with IT Business Services, indicating the return.

(16) Any University Representatives holding keys to any of the IT Server Rooms must ensure the keys are kept in a secure, locked location when not in use. It is the University Representative's responsibility to ensure keys are always secure.

(17) University Representatives must inform University Safety & Security prior to the use of the key if a key is to be used to access the ITD Server Rooms. The IT Security Manager must also be informed via email to it-security@une.du.au outlining the reason for accessing the IT server rooms via a key and include the date, time and duration of the access.

(18) University Representatives who become aware of or suspect there may have been unauthorised access to an ITD Server Room must inform the IT Security Manager via email to it-security@une.edu.au . Please include the location, date and time of the event.

(19) University Representatives who discover or become aware of a weakness in the security controls for any of the ITD Server Rooms (e.g. unlocked doors, inappropriate access assigned to an ID card, etc) must report the matter immediately or as soon as practicable, including all relevant information to the IT Security Manager via email to it-security@une.edu.au .

(20) IT Business Services will provide a copy of these procedures to University Representatives with the ITD Server Access Request form.

Authority and Compliance

(21) The Procedure Administrator makes these procedures.

(22) University Representatives must observe these Procedures in relation to University matters.

(23) This Procedure operates as and from the Effective Date.

(24) Previous Procedures relating to IT Server Room Access are replaced and have no further operation from the Effective Date of this new Procedure.

Top of Page

Section 4 - Definitions

(25) Approved - means authorised by the Director IT, the Associate Director (Infrastructure) or the IT Security Manager.

(26) ITD Server Rooms - means the server rooms maintained by the Information Technology Directorate and includes the IT building server rooms, the T.C. Lamble building server room, the Austin College server room and the Booth Block basement PABX room.

(27) Effective Date is the date on which this Rule will take effect.

(28) Procedure Administrator is the Director, Information Technology.

(29) University Representative means a UNE employee (casual, fixed term and permanent) contractor, agent, appointee, UNE Council member, adjunct, visiting academic and any other person engaged by UNE to undertake some activity for or on behalf of the UNE. It includes corporations and other bodies falling into one or more of these categories