Office of Chief Technology Officer / OCTO Data Center Access Procedure V2.3

The District of Columbia

Office of the Chief Technology Officer (OCTO)

Network Operation Center

OCTO Data Center Building Access Procedure for Employees and Contractors

Version 2.3

January 11, 2018

This page is intentionally left blank

1

Office of Chief Technology Officer / OCTO Data Center Access Procedure V2.3

Table of Contents

Overview

1.0Objective

2.0Scope

3.0Responsibilities

3.1Frequency

3.1.1Employees Permanently Located at ODC1

3.1.2Commercial Visitors Entering and Exiting ODC1

3.1.3Employees Forgetting His/hers Badge at ODC1

3.1.4Employees Losing His/hers Badge at ODC1

3.1.5Personal Visitors Entering and Exiting ODC1

Acronyms

1

Office of Chief Technology Officer / OCTO Data Center Access Procedure V2.3

Points of Contact:

Name / Role / Phone Number / E-mail Address
Troy Evans / Director / 202.724.2028 /
Phil Haka / Data Center Engineering / 202.715.3729 /
Ian Gibson / Data Center Operations Manager / 202.727.6353 /
NOC / Network Operation Center / 202.724.2028 /

Document Revision Table:

Version / Change / Author / Date
1.0 / Release / Data Center / 02/14/2013
1.5 / Update / Data Center / 12/16/2013
2.0 / Update / William Olives / 05/01/2014
2.1 / Update / William Olives / 12/12/2014
2.2 / Update / Ian Gibson / 04/07/2016
2.3 / Update / Ian Gibson / 01/11/2018

Overview

Vital communication links, important servers and other key systems are physically secured at the OCTO Data Center (ODC) facilities, along with applications critical to the business of the DC Government. Procedures have been established and implemented to restrict and control access to ODC facilities at all times to prevent intruders from taking undesirable actions within the facilities. All persons entering the data centers must agree to follow all established procedures and accept the consequences that will include access restriction and/or eviction from the facility for violations.

At ODC1, a Windows based access control system and security guards that are contracted through Protective Services are deployed to limit the access to the facility, control personnel flow and track government property in and out of the facility.

Parking for DC employees and visitors to ODC1 are provided at the public parking lot surrounding the facility. Street parking is available.

Supervisors will provide advance notice via the Data Center Access Request Form for any person requiring access to the facility to attend a meeting or training session. Supervisors shall provide the same notification for vendors requiring access to the facility.

Supervisors will visit the link ( and complete the Access Request during regular business hours not less than one business day in advance.

1.0Objective

This document provides employees, contractors, visitors, and security personnel (provided by DC Protective Services (PSD)) with standard procedures to follow for access to ODC1 and ODC3. It also defines specific procedures to assist security personnel in maintaining a secure environment for persons, equipment, and the facility.

2.0Scope

This document will explain the various roles and responsibilities of Data Center facility Personnel.

3.0Responsibilities

Role / Responsibility
Guards: / Safeguard the facility and report security breaches to OCTO Network Operations Center and PSD. Ensure visitors check in and out and inspect personal baggage at the officer’s discretion. When personal or government equipment is bought into or removed from the facilities, property passes must be issued.
Security Guards will verify the authenticity and accuracy of the property pass and log them accordingly. Guards will constantly monitor the system that surveys the premises.
Management: / Provide advance notification to the Network Operations Center and submit completed documentation when agency personnel’s level of access to the facility requirements change. E.g., when a new hire is scheduled to begin working in the building or an employee is terminated.
Inform employees of the appropriate procedures when entering or exiting the premises or removing equipment from the premises.
Employees: / Adhere to all procedures and report any violations to management.

3.1Frequency

These procedures must be followed each and every time a DC government employee, contractor, maintenance staff member, or visitor requires access to the ODC facilities.

3.1.1Employees Permanently Located at ODC1

All DC government employees, contractors, and maintenance staff assigned to work at either ODCs must be registered with card key access system and Digitus Biometrics system.

  • All employees and contractors must sign the Contractor/Visitor logbook upon entering or exiting the premises.
  • Full legible signatures and the date/time are required (showing government issued identification if requested by the security guard).
  • (Note: Premises for ODC3 are defined as inside the gate. Premises for ODC1 are defined as right side of building all the way to the gate and the front of building but no further than the bus stop.)
  • All employees/contractors will use their access card upon entering and exiting the building always. No tailgating is allowed.
  • Upon exiting and re-‐entering the building, all personnel must document and sign their time in/out each time.
  • Employees/contractors are forbidden to sign in or out for anyone other than themselves.
  • Employees/contractors are forbidden to permit access to the ODC facilities to anyone without prior approval.
  • Property passes are required to transport computer equipment and government property in and out of the facility.

3.1.2Commercial Visitors Entering and Exiting ODC1

Commercial Visitors are defined as vendors, such as sales representatives and contractors who meet with employees to discuss their services.

  • All visitors must be on the Security Guard’s Data Center Access Request screen in order to gain access to the facility. If the visitor is not on the list, the security guard will not permit access.
  • All visitors must show government-‐issued identification along with job related identification if possible. (i.e. business card)
  • All visitors, upon entering the building, must sign in the Contractor/Visitor logbook using their full signature with the time/date of arrival and identify the employee they will be meeting.
  • All visitors are forbidden to sign in or out for anyone other than themselves.
  • All visitors must wait in the lobby to be escorted to their destination.
  • All visitors must be escorted at all times throughout the building and will have limited access to the Data Center.
  • Visitors will be escorted back to the security office to be signed out.

3.1.3Employees Forgetting His/hers Badge at ODC1

  • If the employee forgets his/hers badge, the security guard will contact the employee’s immediate supervisor or manager.
  • The employee’s supervisor or manager will create a Data Center Access Request form to access the facility.
  • After regular business hours, the security guard will contact the employee’s immediate supervisor or manager.

3.1.4Employees Losing His/hers Badge at ODC1

  • If the employee loses his/hers badge, the security will contact the employee’s immediate supervisor or manager.
  • The employee’s supervisor or manager will create a Data Center Access Request form to access the facility.
  • The employee’s supervisor or manager will notify the Network Operations Center via email message about the lost badge.
  • The appropriate form will be filled out to issue a new badge for the employee.
  • The employee will go to PSD with the form and get issued a new badge.
  • After regular business hours, the security guard will contact the employee’s immediate supervisor or manager.

3.1.5Personal Visitors Entering and Exiting ODC1

  • All visitors must be on the visitor list in order to gain access to the facility.
  • Visitors not on the list, the security guard will not permit access.
  • Children are not allowed in the building at any time.
  • All visitors will show current state issued identification when signing into the visitor’s logbook.
  • Visitors must be accompanied by employees at all times.
  • Visitors must be accompanied to the security area when exiting the facility.

Failure to comply with any of these procedures will result in disciplinary actions.

Page 1 of 8

Office of Chief Technology Officer / OCTO Data Center Access Procedure V2.2

Acronyms

Acronym / Description
CAB / Change Advisory Board
CM / Change Manager
CR / Change Request
CTO / Chief Technology Officer
ITCC / Information Technology Communication Center
NOC / Network Operations Center
OCTO / Office of the Chief Technology Officer
ODC / OCTO Datacenter
PSD / DC Protective Services

End of Document

Page 1 of 8