Office of the Chief Information Officer Enterprise Policy
CIO-058: IT Equipment Room Access at the Commonwealth Data Center
Effective Date: 09/22/2015
Review Date: 01/13/2017
Policy Statement: The purpose of this policy is to describe the responsibilities and procedures to be followed when requesting access to IT equipment room areas at the Commonwealth Data Center.
Policy Maintenance: The Commonwealth Office of Technology (COT), Infrastructure Support Branch (ISB) within the Office of Infrastructure Services (OIS) and the Office of the Chief Information Security Office (CISO) are jointly responsible for maintaining and updating this policy. Agencies may choose to add to this policy, in order to enforce more restrictive internal policies as appropriate and necessary. Therefore, staff members are to refer to their agency’s related policy, which may have additional information or clarification of this enterprise policy.
Authority: KRS 42.726 authorizes the Commonwealth Office of Technology to develop policies that support and promote the effective application of information technology within the executive branch of state government, as well as information technology directions, standards, and necessary management processes to assure full compliance with those policies.
Applicability: This policy is to be adhered to by all staff, including employees, contractors, consultants, temporaries, volunteers, vendors and other workers that wish to access Information Technology resources located in the Commonwealth Data Center (Cold Harbor).
Responsibility for Compliance: Agencies and staff outlined above in ‘Applicability’ are expected to understand and follow these guidelines. Each agency is responsible for assuring that staff under its authority has been made aware of the provisions of this policy, that compliance is expected, and that intentional disregard for this policy may result in disciplinary action up to and including dismissal. It is each Executive Cabinet’s responsibility to enforce and manage the application of this policy.
Review Cycle: This policy will be reviewed at least ever two years.
Visitors: Persons (staff, contractors, vendors, etc.) authorized by the Agency to access the Agency’s equipment located at the Commonwealth Data Center
CDC: Commonwealth Data Center
Policy: The IT infrastructure supported by COT is expanding and continuously becoming more complex. The Commonwealth Office of Technology is tasked with maintaining infrastructure stability and reliability for the Commonwealth of Kentucky. The purpose of this policy is to ensure all access to the infrastructure at the data center is conducted in a rational and predictable manner in order to increase efficiency, minimize the impact of change related incidents upon service quality, and consequently improve day-to-day operations of the organization.
The four types of access to the Commonwealth Data Center are:
1) Regular Access: Monday through Friday 7:00am to 6:00pm EST:
Visitors may access the Commonwealth Data Center, without providing prior notice, from 7:00 a.m. to 6:00 p.m. EST, Monday through Friday. All visitors must follow the Commonwealth Data Center Access Requirements listed below.
2) After-Hours Access: Anytime outside of 7:00am to 6:00pm EST Monday through Friday:
After-Hours Access means access is required anytime outside of Regular Hours Access. To gain After- Hours Access to the Data Center, the visitor must provide at least twenty-four (24) hours advanced notice before the desired access time. The notice must include the estimated time of the visitor's arrival and the estimated duration of the visitor’s stay. All visitors must follow the Commonwealth Data Center Access Requirements listed below.
3) Emergency Access: 24 hours a day, 7 days a week:
A visitor needing access to the Data Center in an emergency situation, as defined below, or is otherwise unable to provide notice for After-Hours Access, must provide immediate notice as soon as possible prior to the arrival at the Data Center. The notice must include the estimated time of the visitor’s arrival and the estimated duration of the stay. All visitors must follow the Commonwealth Data Center Access Requirements listed below.
An emergency situation is defined as:
Total System Failure (Server has been reported as no longer responding to a system check).
Total Application Failure (No part of the application is functioning or server is no longer responding to HTTP requests.)
Loss of Power
Loss of access to bandwidth
4) Other Access:
Access for other reasons not outlined above shall be approved by the COT Executive Director of the Office of Infrastructure Services. All visitors must follow the Commonwealth Data Center Access Requirements listed below. Other access requests include:
Required audits by state and federal agencies.
Tours by state agencies or private entities.
Extended access for Finance Facilities staff and contractors.
requests as approved by COT Executive Management.
Commonwealth Data Center Access Requirements:
ALL visitor’s/staff members shall comply with the steps listed below, as well as any additional requests deemed necessary or reasonable to maintain the security of the Data Center.
All notices must include the agency name, visitor’s name, the estimated time of arrival and the estimated duration of the stay. This notice should be directed to the Commonwealth Service Desk (during normal business hours) or to the COT Main Console (during non-business hours), both can be reached at (502) 564-7576 or via email to-commonwealthServiceDesk@ky.gov.
Agency Representatives and Equipment Vendors (Visitors):
a) The visitor must be able to provide a government-issued picture ID.b) The visitor must be an authorized contact or data center representative as defined by the Agency.
i. Agencies may modify their authorized contacts and data center representatives by contacting the agency’s Business Relationship Manager (BRM). Only persons listed specifically with the title “Authorized Contact” can authorize another individual’s access to the data center. Agency BRM’s are located on the COT webpage.
c) Visitors must first check in with the KY State Police Security Guard in the lobby of the
Commonwealth Data Center.
i. Upon verification of Agency authorized access, a pre-assigned photo access badge will be issued. This badge will allow access to the Main Console on the 2nd floor of the CDC.
ii. If a picture ID is not on file at the KSP guard desk a visitor badge will be issued only if the requestor is accompanied by an authorized visitor with a picture ID on file.
iii. Sign in to the Data Center Access Log.
iv. An on-file picture ID may be requested by contacting the COT Customer Service Desk at
d) At the Main Console, a service request, change or incident ticket must be referenced to obtain access to the equipment floors.
ii. The Equipment Floor badges (for access to the equipment floors) are controlled and distributed by the Main Console staff located on the 2nd floor of the data center.
iii. The Main Console staff will verify the service, change, or incident ticket and, based on the ticket, issue appropriate access.
iv. Badges must be signed out upon receipt.
e) The Main Console staff will escort the Customer/Vendor to the respective customer’s equipment. The visitor must remain with the Main Console staff member; at no time is the visitor to be left without the escort. If the Main Console staff member needs to return to the Main Console, the visitor will return with the staff member.
f) At the end of the visit, the Equipment Floor badge must be returned to the Main Console and signed back in.
g) The customer will return to the KSP Security
i. Return the photo ID badge.
ii. Sign out of the Data Center Access Log.
Commonwealth Office of Technology Staff Members:
a) A service request, change or incident ticket must be referenced to obtain access.
b) Each COT employee requesting access must have an Equipment Floor badge (for access to the equipment floors) issued by the Main Console staff located on the 2nd floor of the data center.
i. The Main Console staff will verify the service, change, or incident ticket and, based on the
ticket, issue appropriate access. Badges must be signed out upon receipt.
c) At the end of the visit, the Equipment Floor Badge must be returned to the Main Console and signed back in.
In the event of an emergency (as defined above) where services have been disrupted and it is not practical to delay the repair of the equipment or application, access may be provided without an existing Service Request, Change or Incident ticket. The process of obtaining access to the equipment floors shall remain the same as a normal request. COT staff requiring access shall request the Main Console distribute badges to the appropriate floor. Each staff member shall have a badge issued by the MC.
An appropriate Emergency Change Request shall be requested from the COT Customer Service Desk and COT Change Management Branch as soon as possible. Please refer to COT-009 for information.