View Current

IT Server Room Access Procedures

This is not a current document. To view the current version, click the link in the document's navigation bar.

Section 1 - Overview

(1) These procedures outline the processes to be followed when granting or revoking access to the ITD server rooms. The procedures also cover the responsibilities and requirements for UNE staff and contractors when accessing UNE's ITD server rooms.

Top of Page

Section 2 - Scope

(2) The NSW State Auditor requires that access to the UNE ITD server rooms is strictly controlled, monitored and logged. The server rooms are classified as a restricted area containing sensitive IT infrastructure equipment, business critical data and services. The procedures outlined in the document are applicable to all UNE staff and contractors who have access to the UNE ITD server rooms.

Top of Page

Section 3 - Procedures

Approval

(3) The Director, Information Technology , Associate Director (Infrastructure Services) or the IT Security Manager can grant or revoke access to the UNE IT server rooms.

Submitting the approval form

(4) All requests for the ITD server room access must be made using the ITD Server Room Request form, available from IT Business Services or as an associated document attached to this procedure.

(5) The approved form should be submitted to IT Business Services in person or via email to itoffice@une.edu.au .

Responsibilities

(6) IT Business Services will arrange for access to be added to the UNE ID card for the time period specific on the approved form.

(7) If the person making the request does not have a UNE ID card (i.e. contractor), IT Business Services will issue a temporary IT Visitor card with access privileges for the time period specific on the approved form.

(8) IT Business Services will confirm, in writing via email, to the UNE staff member that access has been added to their UNE ID card or IT Business Services will, in writing via email, request the contractor to collect the IT Visitor card and sign for the collection on the space provided on the approved IT Server Room Access Request form.

(9) The contractor must return the IT Visitor card to IT Business Services upon expiration of the time period specified on the approved ITD Server Room Access form or upon written request from the Director, Information Technology , Associate Director (Infrastructure Services) or the IT Security Manager, irrespective of the circumstances upon which the IT Visitor Card is returned the contractor must sign the ITD Server Room Access Request form, lodged with IT Business Services, indicating return.

(10) UNE staff and contractors must use their ID card to access the IT server rooms.

(11) Keys to ITD server rooms will only be issued under special circumstances and requested via the IT Server Room Access Request form and approved by Director, Information Technology , Associate Director (Infrastructure Services) or the IT Security Manager.

(12) IT Business Services will request, in writing via email, the UNE staff member or contractor to collect the ITD server room keys as specified on the approved form and sign for the collection of the key on the space provided on the approved IT Server Room Access Request form.

(13) The UNE staff member or contractor must return the key to IT Business Services upon expiration of the time period specified on the approved ITD Server Room Access Request form or upon written request of the Director, Information Technology , Associate Director (Infrastructure Services) or the IT Security Manager. Irrespective of the circumstances upon which the key is returned the contractor must sign the ITD Server Room Access Request form, lodged with IT Business Services, indicating return.

(14) Any UNE staff or contractors holding keys to any IT server rooms must ensure that keys are kept in a secure, locked location when not in use. It is the staff member's responsibility to ensure keys are always secure.

(15) UNE Staff and contractors must inform UNE Safety and Security prior to the use of the key if a key is to be used to access the ITD server rooms. The Security manager must also be informed via email to it-security@une.edu.au outlining the reason for accessing the IT server rooms via a key and include the date, time and duration of the access.

(16) UNE staff and contractors who become aware or suspect there may have been unauthorised access to an ITD server room must inform the IT Security manager via email to it-security@une.edu.au . Please include the location, date and time of the event.

(17) UNE staff and contractors who discover or become aware of a weakness in the security controls for any of the ITD server rooms (e.g. unlocked doors, inappropriate access assigned to an ID card, etc.) must report the matter immediately or as soon as practicable, including all relevant information to the IT Security Manager via email to it-security@une.edu.au .

(18) IT Business Services will provide a copy of these procedures to UNE staff and contractors with the ITD Server Access Request form.

Top of Page

Section 4 - Definitions

(19) Approved - means authorised by the Director, Information Technology , Associate Director (Infrastructure Services) or the IT Security Manager.

(20) Contractors - means third party service providers, staff of third part service providers, independent contractors or individuals paid under contract or UNE purchase orders.

(21) ITD server rooms - means the server rooms maintained by the Information Technology Directorate and includes the IT building sever rooms, the T.C. Lamble server room, the Austin College server room and the Booth Block basement PABX room.

(22) UNE staff - means all employees of the University of New England.