|
Longwood
University |
Policy 6106
ACCESS TO THE NETWORK OPERATIONS
CENTER
I. PURPOSE
The purpose of this policy is to
establish guidelines for access to the network operations center (NOC). This policy covers any activities performed
on Information and Instructional Technology Services (IITS) resources and systems.
II. POLICY
A. Access: Access to the operations center is restricted to employees authorized by the Chief Information Officer or his designee.
B. Utilization: The use of the NOC is considered a privilege granted to the IITS staff. To maintain the privilege, each individual is expected to meet certain responsibilities and limitations.C. Violations: Depending on the seriousness of the violation, the individual may be subject to disciplinary actions as prescribed by the chief security administrator or the University. Any reasonable suspicion of misuse or unauthorized use will be reported to the security administrator.
D. Inventory: All incoming and outgoing equipment or hardware to the NOC will be identified and inventoried.
E. Revisions: Guidelines are subject to change with the approval of department manager and the security administrator.
F. Cell phones are not allowed to be used in the NOC.
III. PROCEDURE
A. Access:
1. To gain access all individuals entering are required to complete the access log documenting name, date, arrival and departure times, and purpose of their visit.
2. NOC staff may grant access to authorized vendors, Longwood University staff, and Longwood University authorized tour groups.3. Visiting individuals must be escorted by an IITS staff member after obtaining permission from an operations' center member. These individuals must be supervised for the duration of the visit. Appropriate logs must be completed.
4. Failure to report access or activity shall result in a security violation.
B. Utilization:
1. Network Servers:
a. Recognizably, there are many authorized IITS members to the NOC. To help monitor activities performed on our resources and systems, an Action Log must be maintained.
b. The Action Log must be completed with server identification, action taken, date, time, and engineer's initials.
c. The Action Log will include activities such as maintenance, upgrades, system errors, shutdowns, and restarts.2. Services Utilized:
a. Telephone/special requests
b. Printing
c. Tape mountsd. Scantron
e. Backups and restores
C. Violations:
1. If an individual knowingly commits a violation, access may be suspended.
2. Any reasonable suspicion of misuse or unauthorized use may result in possible access denial, removal of system access privileges and/or disciplinary action..
D. Inventory:
1. All incoming/outgoing equipment/hardware to the NOC will be identified and inventoried on the operations equipment list.
2. Verification of the Longwood tag number, serial number, model number, date installed or removed, and equipment description will be logged.
3. The responsible IITS staff will furnish pertinent information to the supervisor of the NOC or inventory clerk for IITS for log input.E. Revisions:
1. Additional material will be added as new procedures and policies are formulated.
2. Policies, procedures, and information guidelines will be reviewed for revision on an annual basis or as needed.
3. Failure by an employee to comply with these policies and procedures may result in a security violation and/or the individual may be subject to disciplinary actions.
Approved by the Board of Visitors, September 7, 2002.