Data Center Security and Surveillance Policy

• Table of Contents

  • EDC Inc Data Center Security and Surveillance Policy
  • 1.0 Purpose
  • 2.0 Scope
  • 3.0 Policy
  • 3.1 Physical Security
  • 3.2 Access Control
  • 3.3 Server Security
  • 3.4 Incident Management
  • 4.0 Enforcement
  • 5.0 Review and Revision
  • Summary

EDC Inc Data Center Security and Surveillance Policy

This policy outlines the security and surveillance measures that EDC Inc has put in place to protect its data centers. It is designed to provide a comprehensive framework for ensuring the confidentiality, integrity, and availability of our data center resources.

1.0 Purpose

The purpose of this policy is to establish guidelines for the secure operation of EDC Inc’s data centers. This includes the physical security of the data center facilities, the security of the data stored within these facilities, and the procedures for accessing and maintaining these resources.

2.0 Scope

This policy applies to all EDC Inc employees, contractors, and third-party service providers who have access to, or are responsible for, the management, operation, or maintenance of EDC Inc’s data centers.

3.0 Policy

3.1 Physical Security

The Corporate Physical Security department is responsible for the physical security of EDC Inc’s data centers. This includes the implementation of security measures such as access control systems, surveillance cameras, and intrusion detection systems.

• All data centers must be secured with access control systems that require multi-factor authentication.
• Surveillance cameras must be installed at all entrances and exits, as well as in key areas within the data center.
• All access to the data center must be logged and monitored by the Corporate Physical Security department.

3.2 Access Control

Access to EDC Inc’s data centers is strictly controlled by the IT Security Operations department. All user and service accounts are managed in Active Directory, and access is granted based on the principle of least privilege.

• All requests for access must be approved by the IT Security Operations department and documented in the CMDB.
• Access to the data center must be reviewed on a regular basis by the IT Audit and Compliance department.
• Any changes to access rights must be approved by the CAB.

3.3 Server Security

The IT Server Operations department is responsible for the security of the servers within EDC Inc’s data centers. This includes the implementation of security measures such as patch management, intrusion detection systems, and firewall configurations.

• All servers must be patched every 30 days, unless an IT Exception is approved by IT Security.
• OS patching is managed by IT Server Operations.
• All servers must be configured with firewalls that restrict inbound and outbound traffic to the minimum necessary for the server to perform its function.

3.4 Incident Management

The IT-SOC is responsible for managing security incidents that affect EDC Inc’s data centers. This includes the detection, analysis, containment, eradication, and recovery from security incidents.

• All security incidents must be reported to the IT-SOC immediately.
• The IT-SOC must coordinate the response to security incidents with the relevant departments, including IT Security Operations, IT Server Operations, and Corporate Physical Security.

4.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Contractors and third-party service providers who violate this policy may have their contracts with EDC Inc terminated.

5.0 Review and Revision

This policy will be reviewed and revised as necessary by the IT Audit and Compliance department. Any changes to this policy must be approved by the CAB.

Summary

This policy provides a comprehensive framework for the security and surveillance of EDC Inc’s data centers. It outlines the responsibilities of various departments, including Corporate Physical Security, IT Security Operations, IT Server Operations, and IT-SOC, in ensuring the physical and digital security of our data centers. By adhering to this policy, EDC Inc aims to protect its data centers from threats and ensure the confidentiality, integrity, and availability of its data center resources.