University of Ulster Policy Cover Sheet

University of Ulster Policy Cover Sheet
Document Title
Data Centre & Operations Manager
Approving Committee
ISD Committee
Policy approved date
Policy effective from date
Policy review date
Changes to previous version
Primary change in formatting to conform to University standard format.
Change in room and access for the data centre at the Belfast campus.
Security staff access to data centres out of hours.
Various updates.
This policy sets out the controls and rules that govern access to ISD Data Centre
room environments within University of Ulster. These are required as there are
times when people require access to carry out their duties or are paid to carry out
changes to the environment or the hosted equipment within these secure areas.
There shall be no unauthorised access to any University Data Centre without the
permission of either the Head of Infrastructure or via an arranged request to the Data
Centre & Operations Manager and under the supervision of an Infrastructure team
Violations of the conditions listed below may result in disciplinary action under the
University’s disciplinary procedures if a member of University staff or withdrawal of
any future access for any contracted persons.
To enable staff entering the room to perform authorised duties
To enable contractors to enter the room and perform authorised duties
To establish rules for conduct that must be observed by all people entering a
Data Centre room (Appendix B)
To keep appropriate records of Data Centre room activities
To provide health and safety guidelines for staff entering Data Centre rooms
(Appendix A)
It establishes the following rules:
Requirements of people entering Data Centre rooms.
ISD staff responsibility.
Record keeping requirements.
The policy is required because of the need to provide both access and high levels of
security to these locations as they host “core business” computer and network
systems and associated software.
Page 1 of 8
This policy applies to Data Centre rooms falling under the responsibility of
Information Services and it has the approval of the Deputy Director of Finance &
Information Services (ISD).
It establishes the process to authorise the following people to access Data Centre
rooms in the following situations:
Work-related access that cannot be undertaken by other means, for example
via a networked and secure desktop computer. Typically covers physical
access to hardware and work to the physical environment1.
Contractor/Consultant access.
Visitor access.
Emergency access.
ISD Campus Data Centres –
Belfast – 82D31
- Card-based access system controlled by PRD – ICT Infrastructure staff
and Campus ICT Manager (Belfast)
Jordanstown – 7C34
- Card-based access control system authorised by ICT Head of
Infrastructure is used to grant access to the Data Centre room
Coleraine – K011
- Card-based access control system authorised by ICT Head of
Infrastructure is used to grant access to the Data Centre room
Magee – MF118
- Card-based access control system authorised by ICT Head of
Infrastructure is used to grant access to the Data Centre room
Note: Security have access to the Data Centres for out-of-hours emergency
contractor access.
FIS – Finance and Information Services
ISD – Information Services
ICT Infrastructure – Division within ISD responsible for the University’s Data Centres
PRD – Physical Resources Department responsible for Data Centre Environment
For example by Physical Resources staff who may have to enhance the electrical socket provision
or undertake similar development or maintenance work
Page 2 of 8
Work-related (Permanent)
Permanent card based access to Data Centre rooms must only be authorised by the
Head of Infrastructure
A written request must be made with the following detail:
The person’s name
The department or section where they are located
The reason they require this access
From when access is required
For what period of time is access required
Frequency of access
On satisfaction of these details, individuals will be given an access control card
which permits them to enter the room. An access register (maintained by the Data
Centre and Operations Manager) stores these details. This register is reviewed on
an annual basis by the Data Centre and Operations Manager.
The Document given below must be read before entering the Data Centre for the first
time. It is located beside the Visitor Log book at each Data Centre door.
Note that access will be monitored both via a security system and via camera.
Upon leaving the employ of the University, the access card MUST BE RETURNED
to the Data Centre & Operations Manager.
Contractor/Consultant/Visitor (Temporary)
Contractors or Consultants or Visitors may require access to a Data Centre room
frequently or infrequently but do not satisfy the conditions of gaining permanent
access, for example an air conditioning engineer.
In order for a visitor to obtain access, the following conditions must be satisfied:
They must be employed by the University or contracted to perform work by
the University
They must give adequate time to allow access to be considered and
supervision to be arranged. This must be requested from the Head of
Page 3 of 8
Infrastructure who authorises the access or in the case of required contracted
work at least one day’s notice given to the Data Centre Manager
(Note that normal working hours are weekdays between 8.45am and 5pm.)
They must require access to the room to perform authorised duties.
In addition to the above conditions, visitors must satisfy the following requirements.
They must be supervised at all times by an Infrastructure staff member who has a
permanent authority to enter the Data Centre rooms and who will assume
responsibility for the visitor’s actions
The person authorising/supervising the visitor will be responsible for the following:
1. To ensure that all the conditions above are satisfied.
2. To ensure that they have read the Evacuation Procedures document located
at the Data Centre door entrance.
3. To ensure that the permitted access has been properly logged as detailed in
the record keeping section i.e. the visitor log at the Data Centre door
4. To monitor activities of this person in the Data Centre room.
Note that for Minor works requested by ISD but executed by PRD, either using their
own or contracted staff, All such works must have an accompanying suite of
Methods Statements as a mandatory constituent of any associated project
documentation. The responsibility to provide will reside with PRD and the
responsibility to ensure its provision resides with the authorised Infrastructure
manager who is responsible for requesting the works.
Emergency (Temporary)
In the event of an emergency out of normal working hours, security personnel
should contact the Estates department
If the situation is resolved without a member of ISD being present, the
attending Estates officer must report the details to the Data Centre Manager
next working day
If deemed necessary, the Estates officer and/or nominated member of ISD will
escort the contractor on-site
This policy is implemented across all four of the University Data Centres.
The policy has been approved by the Head of infrastructure and is to be reviewed
every 2 years.
Page 4 of 8
The following rules apply to all people granted authority to enter a Data Centre room.
Only authorised persons can enter Data Centre rooms
All persons must have read the document titled Evacuation Procedures
relating to University Data Centres
Access cards must be returned if staff leave ISD or cancelled if not returned
All persons are expected to work safely at all times, in line with Health and
Safety requirements
The Data Centre room should be treated as a clean room environment and
care should be taken to ensure that contamination of this area is prohibited
The room must be kept clean and tidy at all times
In the event that an emergency arises from work being undertaken, you must
notify ISD staff and University Security staff immediately
All persons must, in the event of a fire alarm, follow the directions to the
nearest assembly point
No food, drink or smoking is allowed in Data Centre rooms
A visitor log must be maintained that records each permitted temporary entry into the
Data Centre room. This log will be stored directly outside each room. It shall record
the following for each entry:
Name of visitor and company they work for
Reason for access to the room
Who requested/authorised this visit
Time of arrival and Departure
Supervised by signatory
As mentioned earlier, a register is kept showing details of staff who have been
allocated swipe cards.
If there are objections to this policy, these must be given in writing to Head of
Infrastructure, Mr. C. Spice.
The document which must be read prior to first entering any of the Data Centres is:
Evacuation Procedures Relating to University Data Centres.
Page 5 of 8
There are other Risk Assessment forms relating to various activities which may take
place within the confines of the Data centres which should be checked if a member
of University staff. External Contractors will have their own.
The Data Centre Manager holds a CD a Safe Working Induction provided by the
Physical Resources Department.
Head of Infrastructure, Mr. C. Spice
Email: [email protected]
Notification: Data Centre & Operations Manager, Mrs. J. A. Asquith
Email: [email protected]
In case of Emergency telephone 028 90362222
Other Internal Relative Documents for University Staff:
ISD Hardware Commissioning and Installation Business Process
H&S Risk assessments for the following can be obtained from the Data
Centre & Operations Manager –
Risk Assessment on Data Centres
Risk Assessment on Installation of Network Switches into Data Centre Racks
Risk Assessment on Installation of servers into Data Centre Racks
Page 6 of 8
Appendix A:
ISD Health and Safety Policy Guidelines
Key objectives include preventing accidents and injuries, minimise loss and to provide a
safe place to work, when necessary. Members of staff with access to Data Centre rooms
should always be very aware of any risks to themselves and others.
Our objectives are to:
Set down standards which will protect the health and safety of anyone entering
Data Centre rooms
Have a working environment that is, as far as is possible, without risk to health
and safety
Ensure that any guidelines in place are adhered to at all times
Carry out regular health and safety, fire checks, risk assessments and PATs
ISD Health and Safety Management Policy v2.0
Supplement 2: ICT Infrastructure’ “Execution of ISD’s Health and Safety Policy”
Page 7 of 8
Appendix B:
Guidelines for staff entering Data Centre rooms
Staff must always:
Observe all safety rules, procedures and instructions.
Have separate area for storing and unpackaging equipment.
Use all work items and equipment appropriately.
Ensure ‘good housekeeping’ routines. Keep area clear of obstructions
and packaging.
Report any observed defects/damage to equipment.
Report any hazards that come to their attention.
Vacate premises immediately if alarms sound.
Report stolen, lost or damaged cards to Data Centre & Operations Manager.
Immediately report any accidents or serious incidents.
Staff must not:
Install or leave cables or other items within the area of designated walkways.
or access points that may constitute a tripping hazard.
Saw, grind or cut materials in or around the vicinity of Data Centre rooms.
Lend their access card or keys to anyone.
Misuse/abuse equipment.
Attempt to lift heavy objects alone.
Use Data Centre room as storage area.
Re-enter Data Centre room after any incident, until given the all clear.
Eat or drink while in room.
Allow unauthorised persons access to Data Centre room.
Things to do prior to, and upon, entering Data Centre room:
Familiarise self with evacuation procedures on outer door.
Locate nearest First Aid box before entering Data Centre room.
Find out where recognised First Aiders can be located.
Check Fire Extinguisher locations.
Ensure that lighting and visibility is good.
Check that noise levels are not inordinately high.
Check that any possible escape routes are not blocked.
Check floor for tiles not being in place.
Check that carpet on tiles does not pose possible danger, i.e. tripping.
If working alone ensure that at least one other person, preferably your
Line Manager, knows where you are.
Page 8 of 8