Visitor and Contractor IT Premise Access Procedure

Transcription

1 Visitor and Contractor IT Premise Access Procedure Reference No. xx Revision No. 1 Relevant ISO Control No Issue Date: January 23, 2012 Revision Date: January 23, 2012 Approved by: Title: Ted Harvey Director, Technology Services Version History Version # Version Date Author Summary of Changes 1.0 Jan Ted Harvey Approvals Name Title Date of Approval Version # Ray Hoppins Distribution Name Title Date of Issue Version No. Personal Communication Devices Document Control Document Title Visitor and Contractor IT Premise Access Procedure Document Location IT Premise Access Procedure Page 1

2 IT Premise Access Procedure Page 2

3 Table of Contents 1.0 Overview Purpose Scope Risks...6 The risks associated with the Procedure subject... Error! Bookmark not defined. 5.0 Procedure Detail...7 Detailed Procedure statements... Error! Bookmark not defined. More Content... Error! Bookmark not defined. Procedure Detail Sub Heading... Error! Bookmark not defined. More Content... Error! Bookmark not defined. 6.0 Enforcement...11 If any member of IT staff is found to have breached this Procedure, they may be subject to disciplinary action.... Error! Bookmark not defined. If any user is found to have breached this security Procedure, they may be subject to disciplinary action.... Error! Bookmark not defined. Any violation of the Procedure by a temporary worker, contractor or supplier may result in the termination of their contract or assignment Procedure Governance Definitions...15 Detail any necessary definitions... Error! Bookmark not defined. More Content... Error! Bookmark not defined. 9.0 References...16 List any reference material used... Error! Bookmark not defined. More Content... Error! Bookmark not defined. IT Premise Access Procedure Page 3

4 1.0 Overview Chinook s Edge is a k-12 Learning organization, delivering. As such, we have a significant interest in the safety and privacy of our students and staff. Also, our data facilities have areas that could be considered hazardous to untrained or unequipped personnel. This document provides the mechanism to protect both our Visitors and the organization, while still filling our mandate of community education and participation. 2.0 Purpose The purpose of this document is to provide guidance for Visitors to Chinook s Edge IT data centres, data wiring and switch rooms, as well as employees sponsoring Visitors to Chinook s Edge. IT Premise Access Procedure Page 4

5 3.0 Scope This Procedure applies to all Visitors, Contractors and sub-contractors to any premise of Chinooks Edge, and to employees who sponsor Visitors. IT Premise Access Procedure Page 5

6 4.0 Risks IT Premise Access Procedure Page 6

7 5.0 Procedure Detail 5.1 Parking Visitors are encouraged to use designated Visitor Parking spots. If these spots are in use, regular employee parking spots should not be used. 5.2 Check-In All Visitors must arrive at a designated Check-In entrance (the main reception desk in most locations). All Visitors must present government-issue photo identification at time of Check-In. All Visitors must be met by their employee sponsor at the time of Check-In. A Visitor cannot sponsor another Visitor. Pets are not permitted; however, assistance animals such as Seeing Eye Dogs are permitted. In some cases prior arrangements may be required. Some technology areas (such as server rooms) are not appropriate for animals under any circumstances. 5.3 Visitor Badges Visitor Badges must be worn at all time. Employees are instructed to immediately report anyone not wearing a Visitor or Employee badge. Visitors requiring access to areas controlled by swipe card access locks should arrange with their sponsor for access. The sponsor or their designate should remain in attendance while the visitor is in these areas. 5.4 Photographs and Cameras Visitors are not permitted to take photographs inside of Chinook s Edge premises, unless arranged specifically with sponsoring employees. For instance, photographs are sometimes required for documentation purposes. If employees have any questions about the suitability of photographs, they should consult the FOIP Coordinator. IT Premise Access Procedure Page 7

8 5.5 Information Disclosure Visitors should not request information that does not pertain to their visit or the work being performed. Confidential or otherwise inappropriate nature, requests for corporate documents, student information, financial projections, comments on any matter currently under litigation or future organizational direction, or requests for information or statements in the name of the company (as might be requested by a reporter or a lawyer) will be reported to the FOIP officer, and will be dealt with under the Penalties section of this document. 5.6 Check-Out Visitors will check out at the same station where they arrived. All Visitor electronics may be checked out individually. Checking out of computers and related equipment may take significantly longer after regular business hours, Visitors should factor this into their estimates for exit times. 5.7 Emergency Evacuation All visitors must be made aware of the evacuation procedure in case of an emergency. In the event of an emergency, it is the sponsoring employee's responsibility to ensure that the Visitor remains in the Roster area. Emergency Coordinators will tally all Visitors using the Visitor Check- In information (using either the preferred online method or the fallback paper sheets). Visitors will not leave the property until it is confirmed with the Emergency Coordinators that they have successfully evacuated the building. 5.8 Multiple Day Visits and Longer Term Contracts Visitors who are at Chinook s Edge for multiple days must follow all procedures associated with this Procedure (Check-In, Check-Out, etc.) on each day of their visit. Longer term contractors can be sponsored for a photo-id badge and would then fall under the Long Term Contractor Procedure. IT Premise Access Procedure Page 8

9 5.9 Visitors and Groups Requesting Tours of the Facility All requests by groups for tours of Chinook s Edge facility will be referred to the Principal, Director or Superintendent for handling as an exception In these cases, a verbal summary of the Emergency Evacuation Procedure and the restrictions on Photographs will be communicated to the Visitor Group prior to entry of the facility by a pre-designated Chinook s Edge employee. Any hazard specific to the areas being visited will also be communicated at that time. Visits to areas of this type may require waivers to be signed individually before entry to the facility. All Visitors or Groups on a tour will be accompanied by their sponsor(s) at all times Network or System Access Consultants or other Visitors that require internet network access can freely access the CESDGUEST Wireless Network. Visitors who require access to production IT networks will need permission from their employee sponsor, who will arrange temporary credentials with the Helpdesk. Part of this procedure will require the Visitor to review the Acceptable Use Procedure. After credentials are arranged, activities on the network will be subject to the Acceptable Use Procedure. Visitor use of employee credentials is not permitted under any circumstances. Visitors who require access to the Student Information network will require prior permission from the FOIP Officer and the Superintendent of System Services. Visitor use of employee credentials is not permitted under any circumstances. Contractors making changes to production systems on either the IT or SIS networks are subject to the IT Systems Change Control Procedure. In these cases, employee sponsors are required to review this Procedure with affected Visitors and ensure that the lead time and exceptions sections especially are clearly identified. Remote Access to Chinook s Edge networks are governed by the Chinook s Edge Remote Access Procedure Courtesy IT Premise Access Procedure Page 9

10 All employees of Chinook s Edge are to bear in mind at all times that all Visitors are stakeholders. Even in the case of clear violations of this Procedure, all actions, dealings and conversations are to be courteous in nature. IT Premise Access Procedure Page 10

11 6.0 Enforcement Compliance This document is maintained jointly by the People Services Department and the Director of Technology. Enforcement of this Procedure falls to these offices, as indicated in this document Administration of the Check-In / Check-Out procedure is the responsibility of identified individuals in each facility. In most facilities it is a duty of the main Reception Desk. Authorized personnel within Chinook s Edge will perform audits on a regular basis. The Director of Technology Services, in accordance with the Audit Procedure, will manage audits. Technology Services will filter findings not related to a specific operational group and then present the findings to the appropriate support staff for remediation or justification. Every effort will be made to prevent audits from causing operational failures or disruptions. The responsibility for implementing this Procedure belongs with all Sponsors. Responsibility for ensuring that new and existing systems remain in compliance with this Procedure resides with the Chinook s Edge Technology Director. If any employee is found to have breached this security Procedure, they may be subject to disciplinary action. Any violation of the Procedure by a temporary worker, contractor or supplier may result in the termination of their contract or assignment. IT Premise Access Procedure Page 11

12 IT Premise Access Procedure Page 12

13 7.0 Procedure Governance The following table identifies who within CESD is Accountable, Responsible, Informed or Consulted with regards to this Procedure. The following definitions apply: Responsible the person(s) responsible for developing and implementing the Procedure. Accountable the person who has ultimate accountability and authority for the Procedure. Consulted the person(s) or groups to be consulted prior to final Procedure implementation or amendment. Informed the person(s) or groups to be informed after Procedure implementation or amendment. Responsible Director Technology Services Accountable Associate Superintendent System Services Consulted Technology Committee, FOIP coordinator, Safety Officer, COLT, Principals, Director of Faciltities Informed All CESD Employees, All Contractors, All temporary workers. IT Premise Access Procedure Page 13

14 IT Premise Access Procedure Page 14

15 8.0 Definitions TERM Application Administration Account DEFINITION Any account that is for the administration of an application (e.g., Oracle database administrator, PowerSchool administrator). IT Premise Access Procedure Page 15

16 9.0 References IT Premise Access Procedure Page 16