How do you write a Data Center Physical Access Policy and Agreement document?
THIS AGREEMENT is made on this Current Day day of Current Month, Current Year, between First Last (hereafter referred to as "the Undersigned" or "Customer") and Company Name (hereafter referred to as "Company"). The purpose of this policy is to set forth the Company Name Data Center Physical Access Policy ("DCPAP" or "Access Policy") by which the undersigned will abide while using, renting, leasing, or otherwise making use of Company facilities, goods, and services ("Data Center or Contracted Spaces"). By using Company's Data Center and facilities, the undersigned agrees to comply with the following policies.
Terms and Conditions
As a service, the standard Data Center Access and Security Policy is provided below. Company and Customer Responsibility. Company is responsible for ensuring that all resources under its control remain physically secure.
The Company maintains this access policy to provide a framework for Customers to follow for physical security and access to Company facilities and to instruct Customers on the procedures and policies that Company staff and technicians follow. Undersigned agrees to adhere to all posted notices or changes to protocol that the Company makes the Undersigned aware of during its visits to Company facilities. Data Center "Habits and Hygiene.
Access into Company facilities requires adherence to the following protocols and restrictions on dangerous materials ("dangerous materials"):
- No smoking or chewing tobacco is allowed.
- No combustible materials may be brought into the data center, including lighters, hand-warmers, mace, tear gas, aerosol cans, or compressed air.
- No eating or drinking is allowed in the data center.
- No drugs or alcohol are permitted in the data center.
- No weapons or firearms are allowed in the data center.
- No external fire suppression devices are allowed.
- No prohibited hardware is allowed.
- All work-related materials must be cleaned up before leaving.
- All work-related trash or garbage must be disposed of properly.
- No illegal activity of any kind is permitted.
- Insert Data Center-specific policies here (recycle bins, unattended equipment, etc.
Access Keycards and Identification
Company will issue identification badges and access keycards to Undersigned and Undersigned's designated agent(s). Company shall maintain a list of all authorized personnel issued such access and at no time shall identification badges or access keycards transfer between any other employee or other agent of the Undersigned without pre-approved, written permission from Company. If at any time Company becomes aware that an access badge has been transferred in violation of this policy, revocation of access to the Data Center and contracted space(s) may occur.
Data Center Access Procedures
Access to the Company Data Center is gained through the Data Center welcome room or insert specific manned space here and requires that all Customers sign in with a valid signature for a Company staff member to grant them access. Customers wishing access must have their identification badge and access keycard available for inspection. Undersigned or Undersigned's Agent will sign in and provide the time of entry to the Data Center and the purpose for their visit.
Exit from the Data Center requires that Undersigned or Undersigned's agents sign out with a valid signature for each Undersigned or Undersigned's Agent wishing to leave. At no time will a Company staff member be authorized to allow exit without each Undersigned or Undersigned's Agent properly signing out from the Data Center. If at any time an Undersigned or Undersigned's agent is allowed by a staff member to exit, the Undersigned or Undersigned's Agent should immediately demand to sign out of the Data Center and/or ask to see a Company supervisor.
Failure to adhere to the sign-in and sign-out procedures could result in revocation of access to the space.
1 "Visitor" Physical Access and Procedures
Visitor shall mean any individual who is not on an approved Access List on file with the Data Center. All visitors shall enter the Data Center through the Data Center Welcome Room and wait for a Staff Member to sign the visitor in.
The Undersigned may allow Visitors to gain access to the Data Center, subject to the Undersigned's Access Type, provided that:
All visitors must have their visit(s) scheduled and approved by the Company Data Center Supervisor at least 24 business hours prior to their visit. All visitors shall sign a copy of the Data Center Access and Security Policy ("DCPAP") to be kept on file by the Data Center and shall be governed according to the Specifications of the Data Center Contract or Co-location Contract between Company and Undersigned. A Data Center Employee or Staff Member must accompany Visitor(s) at all times while within the Data Center. All visitors must sign in and sign out when entering or exiting the Data Center.
Visitors must wear an identification badge at all times. Upon sign-out and exiting the data center, visitors are responsible for turning in any identification badges or ID issued to them during their visit. Failure to properly turn in these materials may result in financial penalties or sanctions against Undersigned or Visitor.
Any exceptions to any of the above policies must have the written approval of the Data Center Supervisor.
2 Disclosure of Security, Access, or other Policies Governing the Security of the Data Center
All persons entering the Data Center, whether the Undersigned, its Agents, Employees, Vendors, or Visitors agree to hold all Proprietary Information, including all information related to the security, operation, policies, procedures, or any other information they may come in contact with regarding the Data Center in the strictest of confidence and to take the same degree of care to protect such information as they do with their own Proprietary Information. No less than reasonable care shall be maintained by the Undersigned or its agents. Undersigned agrees not to disclose or use any such Proprietary Information or any information derived from Data Center contact to any firm, supplier, business, individual, third party, or other organization.
Data Center Access Types
For our customers' convenience, the Company maintains several types of access to the Data Center.
Access levels include:
- 1 Unrestricted Access to All Contracted Space(s).
- 2 Restricted Access to Specific Contracted Space(s).
- 3 Escorted Access to Contracted Space(s).
The level of access shall be determined and maintained by the Company and Customer according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer.
Emergency Access by Personnel Not Currently on Access Lists
Access by Undersigned or Undersigned's Agents not currently on any access lists may be granted only by the Company Data Center supervisor and shall be governed according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer. Access to the Data Center under this condition shall be noted as an "emergency access" in the Data Center security logs. Any inappropriate use of "emergency access" may result in access being immediately denied and the requesting Undersigned or Undersigned's Agent being ejected from the Data Center and/or Customer's "emergency access" privileges revoked.
Modification of Agreement
Company reserves the right to add, modify, or delete any provision of this Agreement at any time and without notice. Company reserves the right to restrict any access right at any time, whether a violation of this agreement occurs or not. Company reserves the exclusive right and will be the sole arbiter as to what constitutes a violation of any of these provisions.
Potentially Tortuous or Illegal Conduct
The following shall be construed as violations of this Agreement and may result in suspension or deletion of a Customer's account or in termination of this Agreement. Falsifying any information provided to Company or to other staff members in connection with access to the data center or the use of a Company facility, product, or service. Allowing access to any restricted area(s) by individual(s) or allowing individuals to gain access to any restricted areas as defined in the Specifications of the Data Center Contract or Co-location Contract between Company and Customer.
Allowing any dangerous or restricted materials inside the data center or Company facilities at any time.
Data Center System and Network Security
Violations of Data Center system or network security are strictly prohibited, and may result in criminal or civil liability. Examples include but are not limited to: allowing unauthorized access to data center; use of any Company product or service that Customer does not have permission to use; use of any equipment, hardware, connections or other materials that Customer does not have permission to use; disruption or interference with the connectivity and access or otherwise impeding other Customers' use of the Company Data Center, products, or services.
Consequences of Violation
If Company becomes aware of an alleged violation of any of the terms contained in this Agreement, or any other policy that has been posted on its web site, made available to Customer via email, or posted in any other form, Company shall initiate an investigation. During the investigation, Company may restrict Customer's access to the Data Center or other Company products and services to prevent further possible unauthorized activity. Company may, at its sole discretion, restrict, suspend, or terminate Customer's account without notice or refund, or pursue civil remedies as it deems necessary.
Company shall notify the appropriate law enforcement department of any such violations. Company shall not be responsible for any payment, refunds, or compensation in any way for service disruptions or termination resulting from violations of this Agreement. The Undersigned represents and warrants that, on the date first written above, the Undersigned is authorized to enter into this Agreement in its entirety, and duly binds its respective principals by the signature below.