Standard and Process
Data centers are a facility or location designed to protect IT resources. The security requirements include physical and environmental controls.
Data centers need to document their controls and procedures to protect the IT resources housed in the facility. This includes documenting roles and responsibilities that implement appropriate segregation of duties.
IT staff are responsible for working with users, data owners and service directors to identify applications or systems that must be in a data center.
Users, data owners and service directors are responsible for working with IT staff to identify applications or systems that must be in a data center.
Data center staff are responsible for maintaining the security controls to protect systems in the data center and defining what are the data center’s and the data center tenants’ responsibilities (e.g., tenant is responsible for their disaster recovery plan for their unit’s hardware and data).
Data center tenants must follow through with the responsibilities identified by the data center service.
- This standard is based on the principles of ISO/IEC 27002:2005.
Document Owner: University Information Security
Document Approvers: Brian Dahlin, Chief Information Security Officer; Patton Fast, University Enterprise Architect
Effective Date: August 2010
Last Reviewed Date: November 2014