Please enable JavaScript.
Coggle requires JavaScript to display documents.
FINDING 3 - Coggle Diagram
FINDING 3
-
Controls
manual visitor access log and standard operating procedure will be implemented, and records will be maintained for 1 year
Only authorized ITT personnel will be assigned electronic keys, which will be disabled as soon as possible upon notice of assignment change that no longer requires access to controlled areas
Vendors and other visitors requiring access to these areas will be required to sign in using the manual visitor access log, and must be escorted by an authorized ITT staff person throughout the visit
Condition
-
Physical access to the server rooms is not always restricted to authorized personnel, and is not reviewed on a periodic basis
Criteria
Physical access to computer room, file/communication servers, off-line data storage, and other sensitive storage should be appropriately restricted to authorized personnel.
-
Effect
Not restricting access to who can enter a data center can result in an intentional or unintentional loss of data, or server downtime
-
Response
Management’s Response
-
manual visitor access log and standard operating procedure will be implemented, and records will be maintained for 1 year
Only authorized ITT personnel will be assigned electronic keys, which will be disabled as soon as possible upon notice of assignment change that no longer requires access to controlled areas
Vendors and other visitors requiring access to these areas will be required to sign in using the manual visitor access log, and must be escorted by an authorized ITT staff person throughout the visit
received an estimate for a key access system that would provide automated access control and electronic logs for City Hall Data Center (2 doors), City Hall Communications Room (1 door), Siringo Network Operations Center (2 doors), and Siringo ITT Admin (2 doors)
-
-
-
-