See the specific requirements in the Data Center Security Standard in the University Policy library. The following supplements the requirements in University policy.
Protected facilities (e.g., data centers or network and telecommunications room/closet) are locations designed to protect IT resources. The security requirements include physical and environmental controls. Including establishment of redundant power supply (uninterruptible power supply) to maintain critical systems.
Protected facilities need to document their controls and procedures to protect the IT resources housed in the facility. This includes documenting roles and responsibilities that implement appropriate segregation of duties.
Technical staff are responsible for working with users, data owners, data custodians, and service owners to identify applications or systems that must be in a data center or network and telecommunications room/closet.
Users, data owners, data custodians, and service owners are responsible for working with Technical staff to identify applications or systems that must be in a data center or network and telecommunications room/closet.
Facility staff are responsible for maintaining the security controls to protect systems in the facility and defining what are the facilities’ and the facility tenants’ responsibilities (e.g., tenant is responsible for their disaster recovery plan for their unit’s hardware and data).
Facility tenants must follow through with the responsibilities identified by the facility.
See the Information Security policy appendices for additional information security standards that also apply.
This standard is based on the principles of ISO/IEC 27002:2013.