University of Suffolk operates a number of special purpose areas on campus housing equipment providing critical IT Infrastructure to the organisation (referred in the rest of this document as ‘data centres’ or ‘comms rooms’). As a part of IT Security, Data Protection and Service Availability best practice, this document defines the policies and procedures relating to access and conduct within Data Centre and Comms Room environments on the University Campus.
Rules of Conduct
The University expects all employees, visitors and third parties to adhere to the organisations rules of conduct when working in Data Centre and Comms rooms.
The following rules are compulsory and may carry penalties or future restrictions if breached:
- Unauthorised access is strictly prohibited;
- Food, drinks and smoking are strictly prohibited within the data centre;
- Cardboard and other forms of packaging must not be stored or otherwise left inside the Data Centre or Communications/Hub Rooms;
- All visitors may be requested to submit to a search of tool and laptop bags by security, prior to, or following access to the Data Centre or Comms rooms;
- When accessing the Primary Data Centre, staff/visitors must ensure they are trained and familiar with the correct operation of the FM200 Fire Suppression system, or are otherwise accompanied by a member of staff who is trained at all times;
- Tools such as drills or soldering irons and/or planned work that may produce vibrations, debris, dust, moisture, smoke, high temperatures or static electricity are not permitted without prior written authorisation from IT Services;
- In shared rack locations, suppliers must ensure they take care to not interfere with other equipment. If there are any concerns a member of IT Services staff should be contacted who will assist;
- When working inside the Hot Aisles or in cold/hot air plenums, staff and suppliers should ensure that disruption to the cooling process is minimised;
- When work has been completed, any racks worked in must be left closed and locked. Any rubbish or debris should be removed and the area left safe, clean and tidy. Fire Suppression should be re-armed (if applicable) and lights turned off prior to leaving.
Contractors And Visitors to the Data Centre must have an Authorisation Number prior to commencing work in Data Centre or Comms Room environments
Obtaining an Authorisation Number:
Staff and Visitors requiring access to the data centre should contact IT Services by emailing the request to ITServiceDesk@uos.ac.uk whereby an engineer will process the request and provide access details to the requester.
The following information is required to process the request:
- Company name or account number
- Contact name and number of the requester
- Name(s) of the person(s) requiring access
- Rack/cage details where access is required
- Date access is required
- Estimated time of arrival
- Expected duration of visit
- Summary of work to be undertaken.
All parties requiring access must ensure they have completed and submitted Change Requests and Risk Assessments/Method Statements (if applicable) at least 5 working days in advance.
Certain activities, in particular trade work (building alterations or electrical work for example) will require a permit to work from the University Estates Department before authorisation can be issued (IT Services will advise at the time the request is submitted).
Upon arrival, 3rd parties will be required to provide identification before access will be granted.
Once visitors have signed in (and any permits to work issued, where applicable, by the Estatesteam) an electronic visitors badge will be issued allowing access to the designated area of work, both items must be carried at all times and presented upon request.
Staff/Suppliers requiring assistance from the University's IT Enterprise (Infrastructure) Team/Estates Team for installation or removal of equipment will need to make sure this is requested at the same time the access request is raised.
Before leaving the premises all visitors must sign out and return their access card to Reception and any packaging or waste must be removed from site. Packaging and waste is the responsibility of the 3rd party to lawfully dispose of, unless agreed in advance with the University.
Permanent Access List
IT Services maintain a permanent access list for parties requiring regular access to data centre locations.
The following restrictions will apply to all visitors:
- Visitors without proper authorisation will be refused access
- Visitors who fail to present ID will be refused access
- All visitors requesting access must comply with the rules of conduct
- All visitors must comply with health and safety policies in place within the data centres
- Visitors deliberately attempting to access areas not permitted by their pass may be asked to leave and future access requests may not be approved.
The following restrictions apply to external suppliers and contractors:
- All suppliers must provide method statements and risk assessments in order to work. Suppliers not providing this documentation 24 hours prior to the requested time will be refused access (exceptions may be made in emergency situations but supervision will be required).
- Access to critical systems, such as power and cooling, will only be granted to approved maintenance contractors. Additionally suppliers working in the plant rooms must have 2 people present at all times, or otherwise comply with any lone working arrangements agreed with the Estates team.
- Suppliers will be responsible for providing their own tools and personal protective equipment (PPE) for the work being undertaken, as well as any barriers or signage indicated in the agreed Risk Assessment and Method Statements.
- Suppliers will be asked to provide details of their public liability and indemnity insurances, refusal to provide these will result in access not being granted.