Physical Access

Introduction

Physical Security is important at Catalyst Repository Systems. Physical Security measures help to ensure the safety of our users, data, and intellectual property.

Scope

This policy will govern all of Catalyst's operated facilities, but it will not cover any subsidiaries.

Policy

Access Authorization

  • Catalyst personnel will be granted access to the appropriate facilities contingent upon signed agreement with current policies and documentation. Additionally, a background check must be completed and be satisfactory.
  • Personnel shall be authorized using the principle of least privilege.
  • Vendors shall be authorized for access dependent upon their contract with the organization. Vendors, with the exception of facilities maintenance, shall not have continual access to Catalyst facilities. Access shall be limited to the execution of contracted work. All vendors must provide credentials at the time of service.
  • Visitors must complete the sign-in process or be pre-registered by a designated receptionist. Visitors are only allowed in common office areas. Limited access badges may be issued to visitors for restroom access at special events or if they are visiting for an extended period.
  • Changes in access must be documented and approved by the IT and Security group or the SCC.

Offices: Office space maintained by Catalyst Repository Systems

  • All access points will remain locked at all times, and access points will be enabled by an auditable authorization system.
  • Personnel at Catalyst facilities are required to carry identification issued by Catalyst.

Technology Centers within Catalyst Offices: Network Closets and Server Rooms

Access to Data Centers: Location of Platform Infrastructure

  • Data centers will be governed by the security of the vendor and will conform to a minimum industry standard. Data center vendors are authorized vendors who may be engaged to assist with maintenance.
  • Data Center access must be documented and approved by a member of the SCC and reviewed annually.
  • Data Center access will be restricted to personnel who carry out Catalyst business. NO VISITORS ARE ALLOWED AT THE DATA CENTERS.
  • Necessary vendor access to the data centers will be approved.

Compliance

Access audits will be conducted as part of the Risk Management program, and deviations will be reviewed for remediation opportunities.

Violations of the policy will be met with corrective action and carry the possibility of disciplinary action up to, and including, termination.

Exceptions

Exceptions must be documented and approved by the SCC.

Colophon

Owner: Security and Compliance Committee

$Date: 2018-07-18 08:27:51 -0600 (Wed, 18 Jul 2018) $

$Revision: 468889 $
