Security Standards

Section 1.0 Purpose

The purpose of this standards document is to ensure that appropriate measures are put in place to protect the equipment and infrastructure at the Austin Shared Data Center of the University of Texas at Austin.

The objectives of the ASDC Security Standards are:

  • Secure the University’s assets against fraud, breach of confidentiality or privacy, theft, mischievous or accidental damage; and
  • Protect the University from liability or damage arising from the use of ASDC facilities for purposes that conflict with University of Texas at Austin policies.

This standards document serves as a supplement to the Information Resources Use and Security Policy, which was drafted in response to Texas Administrative Code 202 and UT System UTS-165. Adherence to the standards will increase the security of systems and help safeguard university information technology resources. This standards document exists in addition to all other university policies and federal and state regulations governing the protection of the university's data.

Compliance with this document is required for all departments that locate systems in an ASDC Data Hall and for all personnel who visit an ASDC facility.

Section 2.0 Scope

This standards document applies to all Austin Shared Data Center facilities operated by Information Technology Services at The University of Texas at Austin. Physical variations in the different buildings may result in slightly different operating procedures, depending on the building environment.

Section 3.0 Revision

Version   Date             Name           Description
5.0       April 13, 2016   Fawver, Brad   Final

Section 4.0 Audience

  • All students, faculty and staff within the University and System.
  • All visitors.

Section 5.0 Definitions

  • Austin Shared Data Center (ASDC) – the department that facilitates the Operation and Support of ASDC Facilities, Data Halls, and Infrastructure.
  • Austin Shared Data Center Facility – the building that houses an ASDC Data Hall, the ASDC infrastructure and the offices supporting ASDC or ITS personnel.
  • Austin Shared Data Center Data Hall – the secure area that houses the collocated equipment, including NOCS and Demarcation areas.
  • Austin Shared Data Center Infrastructure – the critical equipment area that supports an ASDC Facility and/or an ASDC Data Hall.

Section 6.0 Physical and Environmental Protection Policy and Procedures

(NIST PE-1) (UTS165 S-2, S-10, S-12, S-15, S-16)

The Austin Shared Data Center has established physical and environmental protection standards and procedures for effective management of security controls and enhancements to the Austin Shared Data Center Facilities and systems and University resources managed onsite.

Section 7.0 Physical Access Authorization

(NIST PE-2) (UTS165 S-2, S-3, S-16, S-22)

Only authorized personnel have access to the Austin Shared Data Center facilities, data halls, and infrastructure as approved by the Austin Shared Data Center director. Authorized personnel are audited for necessity and accuracy. All visitors to the data center must provide identification in the form of UT- or government-issued identification.

Section 8.0 Physical Access Control

(NIST PE-3) (UTS165 S-2, S-3, S-16)

Austin Shared Data Center enforces access control to the data center facilities and infrastructure: verifying individual access authorizations for all facility access requests, utilizing building access control technologies, escorting and monitoring visitor activities and maintaining access audit logs, and securing physical access devices, including keys and combinations.

Section 9.0 Access Control for Transmission Media

(NIST PE-4) (UTS165 S-4, S-11)

The Austin Shared Data Center has security safeguards in place to protect information system distribution and transmission. Network Operations Centers are a secure area located within a Data Hall.

Section 10.0 Access Control for Output Devices

(NIST PE-5) (UTS165 S-4)

All output devices (printers, copiers, and monitors) are in secured areas accessible only to authorized personnel who are able to monitor access control of the devices.

Section 11.0 Monitoring Physical Devices

(NIST PE-6) (UTS165 S-4, S-5 and S-11)

Austin Shared Data Center monitors physical access to information systems to detect and respond to physical security incidents or suspicious physical access activities. Austin Shared Data Center employs physical intrusion detection and prevention controls, which include intrusion alarms and video surveillance throughout the Data Center Facility and Data Halls. Additional control enhancements have been implemented for additional monitoring of the Data Halls and secured media storage areas. Two-factor authorization is used in all Data Center Halls.

Section 12.0 Visitor Access Records

(NIST PE-8) (UTS165 S-4 and UTS165 S-5)

Austin Shared Data Center maintains visitor access records for the controlled areas or facilities where the information systems reside, and the records are reviewed on a recurring basis. All Administrative, Unescorted and Escorted Visitors must sign into the Visitor Log prior to gaining access to a Data Hall.

Section 13.0 Power Equipment and Cabling

(NIST PE-9)

Austin Shared Data Center employs redundant power cabling paths that are physically separated to help ensure that power continues to flow in the event one of the cables is cut or otherwise damaged. Austin Shared Data Center also employs automatic voltage controls.

Section 14.0 Emergency Shutoff

(NIST PE-10)

The data center facility has the capability of shutting off power to the agency information system or individual system components in emergency situations; emergency shutoff controls installed in data hall exits and infrastructure rooms facilitate safe and easy access for personnel.

Section 15.0 Emergency Power

(NIST PE-11)

The Austin Shared Data Center provides short-term uninterruptible power supplies to facilitate: an orderly shutdown of the information system; transition of the information system to long-term alternate power in the event of a primary power source loss. The Austin Shared Data Center primary site also provides generators as a secondary source of power in the event of primary power source failure.

Section 16.0 Emergency Lighting

(NIST PE-12)

The Austin Shared Data Center employs and maintains automatic emergency lighting for the information systems that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.

Section 17.0 Fire Protection

(NIST PE-13)

The Austin Shared Data Center employs and maintains fire suppression and detection devices/systems for the information systems that are supported by an independent energy source.

Section 18.0 Temperature and Humidity Controls

(NIST PE-14)

Austin Shared Data Center maintains and monitors temperature and humidity levels within the Data Center Data Halls.

Section 19.0 Water Damage Protection

(NIST PE-16) (UTS165 S-1)

The Austin Shared Data Center authorizes, monitors, and controls information systems components entering and exiting the facility and maintains records of those items.

Section 21.0 Alternate Worksite

(NIST PE-17) (UTS165 S-6)

An Alternate Work Site is readily available and capable of taking production environment control in the event that operations cannot continue at the primary location.

Section 22.0 Contingency Plan

(NIST CP) (UTS165 S-6)

Austin Shared Data Center has a disaster recovery and business continuity plan in place and regularly performs testing to ensure plans remain current.

Section 23.0 Media Protection

(NIST MP) (UTS165 S-11)

Austin Shared Data Center restricts physical access to digital, non-digital and magnetic data to only authorized personnel. All media is destroyed by the degaussing of hard drives prior to leaving the facility, unless otherwise requested by the media owner. ASDC provides a Secure Storage area for all commissioned and decommissioned devices and maintains chain of custody records. ASDC assists in maintaining the lifecycle of the equipment by ensuring proper inventory policies are followed as prescribed by UT Policy.

Section 24.0 Incident Response Training

(NIST IR) (UTS165 S-12)

Austin Shared Data Center has an incident response plan and provides incident response training with assigned roles and responsibilities of personnel to ensure the appropriate content and level of detail is included in such training.

Section 25.0 Awareness and Training

(NIST AT) (UTS165 S-18)

Austin Shared Data Center has required training for Data Center personnel that addresses basic understanding of the need for information security and awareness of the need for operations security.

Section 26.0 Non-Disclosure

(UTS165 S-22)

As a condition of obtaining access to the facility, all UT faculty, staff, students and third parties shall agree not to disclose information they may obtain about the facility except to those who are required to have the information to conduct legitimate university business.

Section 27.0 Audit and Control

(UTS165 S-8, S-15, and S-16)

Periodic audits are performed to ensure compliance.