How to write my Data Center Access and Security Policy Template document
THIS AGREEMENT is made this Current Day day of Current Month, Current Year by and between Company Name (hereafter referred to as "Customer") and Company Name (hereafter referred to as "Company"). The purpose of this policy is to set forth a Data Center Access and Security Policy ("DCASP" or "Access Policy") by which Customer will abide while using, renting, leasing, or otherwise making use of Company facilities, goods, and services ("Data Center or Contracted Spaces"). By using Company's Data Center and facilities, Customer agrees to comply with the following policies and assume responsibility for the compliance of all policies by Customer and Customer's Agents.
Terms and Conditions
As a service, the standard Data Center Access and Security Policy is provided below.
Company and Customer Responsibility
Company is responsible for ensuring that the security of all resources under its control remains physically secure. The Company maintains this access policy in order to provide a framework for Customers to follow for physical security and access to Company facilities and to instruct Customers on the procedures and policies that Company staff and technicians follow. Customer agrees to adhere to all posted notices or changes to protocol that the Company makes the Customer aware of during its visits to Company facilities.
Data Center "Habits and Hygiene
Access into Company facilities requires adherence to the following protocols and restrictions on dangerous materials ("dangerous materials"):
- No smoking or chewing tobacco is allowed.
- No combustible materials may be brought into the data center, including lighters, hand-warmers, mace, tear gas, aerosol cans or compressed air.
- No eating or drinking is allowed in the data center.
- No drugs or alcohol are permitted in the data center.
- No weapons or firearms are allowed in the data center.
- No external fire suppression devices are allowed.
- No prohibited hardware allowed Insert descriptions into your Contract rather than a blanket statement here.
- All work-related materials must be cleaned up before leaving.
- All work-related trash or garbage must be disposed of properly.
- No illegal activity of any kind is permitted.
- Insert Data Center-specific policies here (recycle bins, unattended equipment, etc.
Access Keycards and Identification
Company will issue identification badges and access keycards to Customer and Customer's designated agent(s). Company shall maintain a list of all authorized personal issued such access and at no time shall identification badges or access keycards transfer between any other employee or other agent of the Customer without pre-approved, written permission from Company. If at any time Company becomes aware that an access badge has been transferred in violation of this policy, revocation of access to the Data Center and contracted space(s) may occur.
Data Center Access Procedures
Access to the Company Data Center is gained through the Data Center welcome room or insert specific manned space here and requires that all Customers sign in with a valid signature in order for a Company staff member to grant them access. Customers wishing access must have their identification badge and access keycard available for inspection. Customer or Customer's Agent will sign in and provide the time of entry to the Data Center and the purpose for their visit.
Exit from the Data Center requires that Customer or Customer's agents sign out with a valid signature for each Customer or Customer's Agent wishing to leave. At no time will a Company staff member be authorized to allow exit without each Customer or Customer's Agent properly signing out from the Data Center. If at any time a Customer or Customer's agent is allowed by a staff member to exit, the Customer or Customer's Agent should immediately demand to sign out of the Data Center and/or ask to see a Company supervisor.
Failure to adhere to the sign-in and sign-out procedures could result in revocation of access to the space.
Data Center Access Types
For our customers' convenience, the Company maintains several types of access to the Data Center.
Access levels include:
- Unrestricted Access to All Contracted Space(s).
- Restricted Access to Specific Contracted Space(s).
- Escorted Access to Contracted Space(s).
Insert Access Description
The level of access shall be determined and maintained by the Company and Customer according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer.
Emergency Access by Personnel Not Currently on Access Lists
Access by Customer or Customer's Agents not currently on any access lists may only be granted by the Company Data Center supervisor and shall be governed according to the Specifications of the Data Center Contract or Co-location Contract between Company and Customer. Access to the Data Center under this condition shall be noted as an "emergency access" in the Data Center security logs. Any inappropriate use of "emergency access" may result in access being immediately denied and the requesting Customer or Customer's Agent being ejected from the Data Center and/or Customer's "emergency access" privileges revoked.
Modification of Agreement
Company reserves the right to add, modify, or delete any provision of this Agreement at any time and without notice. Company reserves the right to restrict any access right at any time, whether a violation of this agreement occurs or not. Company reserves the exclusive right and will be the sole arbiter as to what constitutes a violation of any of these provisions.
Potentially Tortuous or Illegal Conduct
The following shall be construed as violations of this Agreement and may result in suspension or deletion of a Customer's account or in termination of this Agreement. Falsifying any information provided to Company or to other staff members in connection with access to the data center or the use of a Company facility, product, or service. Allowing access to any restricted area(s) by individual(s) or allowing individuals to gain access to any restricted areas as defined in the Specifications of the Data Center Contract or Co-location Contract between Company and Customer. Allowing any dangerous or restricted materials inside the data center or Company facilities at any time.
Data Center, System, and Network Security
Violations of Data Center, system or network security are strictly prohibited, and may result in criminal or civil liability. Examples include but are not limited to: allowing unauthorized access to data center, use of any Company product or service that Customer does not have permission to use, use of any equipment, hardware, connections or other materials that Customer does not have permission to use, disruption or interference with the connectivity and access or otherwise impeding other Customers' use of the Company Data Center, products, or services.
Consequences of Violation
If Company becomes aware of an alleged violation of any of the terms contained in this Agreement, or any other policy that has been posted on its web site, made available to Customer via email, or posted in any other form, Company shall initiate an investigation. During the investigation, Company may restrict Customer's access to the Data Center or other Company products and services in order to prevent further possible unauthorized activity. Company may, at its sole discretion, restrict, suspend, or terminate Customer's account without notice or refund, or pursue civil remedies as it deems necessary. Company shall notify the appropriate law enforcement department of any such violations.
Company shall not be responsible for any payment, refunds, or compensation in any way for service disruptions or termination resulting from violations of this Agreement. The undersigned represents and warrants that, on the date first written above, the undersigned is authorized to enter into this Agreement in its entirety, and duly binds respective principals by the signature below.