Purpose

This Control sets the requirements which govern physical access control for network of the IT Services, Enterprise Data Centers

Scope

This Control applies to Staff, Faculty, visitors, contractors, and any requiring access to the University of Chicago Enterprise Data Centers. The scope includes:

• Data Center network infrastructure

Policy

• All Users, AUTHORIZED or UNAUTHORIZED, will comply with these requirements
• Network infrastructure will be physically protect
• Enterprise Data Centers hosting data with compliance requirements will have network equipment and communication closets secured

PROCESS

Network Infrastructure

• Enterprise Data Center networking equipment will:
  • Only activate those ports required for a physical connection
  • All unused ports will remain deactivated
  • Any network cable removed will have the connecting port immediately disabled
• Network closets supporting Data Centers with protected data will be in areas utilizing the campus electronic key card system
• Data Center network changes will required an approved change ticket
• IT Services will be the only authorized group implementing, modifying, removing, or patching any network in Data Centers with protected data
• Any communication cables leaving the Data Center will be in conduit to the upstream network closet/connection

Responsibilities

Listed below are the individuals involved with this PROCESS and the major scope of their responsibility:

• Executive Director for Enterprise Applications and Services
  • Support Access Control for Transmission Medium
• Director Data Center Strategy & Operations
  • Implement Access Control for Transmission Medium
• Director of Network
  • Implement Access Control for Transmission Medium
• ITS Data Center Governance
  • Approver Access Control for Transmission Medium

Related Documents

Policy and Procedure documents specific to IT Security, Change Management and Backup & Recovery

• CAB Process

PROCESS Review & Approval

Management will perform an annual review of this PROCESS. Based on the review, management may change this PROCESS to reflect its intentions and compliance requirements. Both IT Services and business users will be informed of any changes to this PROCESS and will be provided with a revised PROCESS.