Physical Security is important at Catalyst. Physical Security measures help to ensure the safety of our users, data, and intellectual property.
This policy will govern all of Catalyst's operated facilities, but it will not cover any subsidiaries.
- Catalyst personnel will be granted access to the appropriate facilities contingent upon signed agreement with current policies and documentation. Additionally, a background check should be completed and be satisfactory.
- Personnel shall be authorized using the principle of least privilege.
- Vendors shall be authorized for access dependent upon their contract with the organization. Vendors, with the exception of facilities maintenance, shall not have continual access to Catalyst facilities. Access shall be limited to the execution of contracted work. All vendors must provide credentials at the time of service.
- Visitors should complete the sign-in process or be pre-registered by a designated receptionist. Visitors are only allowed in common office areas. Limited access badges may be issued to visitors for restroom access at special events or if they are visiting for an extended period.
- Changes in access should be documented and approved by the IT and Security group or the SCC.
Offices: Office space maintained by Catalyst Repository Systems
- All access points will remain locked at all times, and access points will be enabled by an auditable authorization system.
- Personnel at Catalyst facilities are required to carry identification issued by Catalyst.
Technology Centers within Catalyst Offices: Network Closets and Server Rooms
- Access to these areas will be audited where possible.
- All non-personnel access to these areas should be supervised by authorized technical personnel.
Access to Data Centers: Location of Platform Infrastructure
- Data centers will be governed by the security of the vendor and will conform to a minimum industry standard. Data center vendors are authorized vendors who may be engaged to assist with maintenance.
- Data Center access should be documented and approved by a member of the SCC and reviewed annually.
- Data Centers access will be restricted to personnel who carry out Catalyst business. NO VISITORS ARE ALLOWED AT THE DATA CENTERS.
- Necessary vendor access to the data centers will be approved.
Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.
Exceptions should be documented and approved by the SCC.
Owner: Security and Compliance Committee
$Date: 2018-12-13 12:44:26 -0700 (Thu, 13 Dec 2018) $
$Revision: 472630 $