3.3.5 Manage Data Center
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Principle
Adequate physical controls are designed and implemented to protect IT facilities and equipment from damage and unauthorized access.
Control Requirements
| 1. | Physical and environmental controls for managing the data center should be defined, approved and implemented. | |
| 2. | Physical and environmental controls should be monitored and periodically evaluated. | |
| 3. | Necessary physical and environmental controls should be implemented such as but not limited to: | |
| a. | access to the data center should be strictly controlled and provided on need to know basis; | |
| b. | visitors entry to data center should be logged and escorted by an authorized person; | |
| c. | smoke detectors; | |
| d. | fire alarms; | |
| e. | fire extinguishers; | |
| f. | humidity control; | |
| g. | temperature monitoring; and | |
| h. | CCTV. | |
| 4. | The outsourcing of data center should comply with the requirements published in SAMA circulars on the Rules of The Outsourcing and Cybersecurity Framework. | |
| 5. | Member Organizations should ensure that appropriate control measures are built into contracts with the service providers to whom they plan to outsource data center such as but not limited to: | |
| a. | have documented business case for outsourcing data center services; and | |
| b. | nature and type of access to data center by the service provider. | |