3.3.5 Manage Data Center
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
Adequate physical controls are designed and implemented to protect IT facilities and equipment from damage and unauthorized access.
Control Requirements
| 1. | Physical and environmental controls for managing the data center should be defined, approved and implemented. | |
| 2. | Physical and environmental controls should be monitored and periodically evaluated. | |
| 3. | Necessary physical and environmental controls should be implemented such as but not limited to: | |
| a. | access to the data center should be strictly controlled and provided on need to know basis; | |
| b. | visitors entry to data center should be logged and escorted by an authorized person; | |
| c. | smoke detectors; | |
| d. | fire alarms; | |
| e. | fire extinguishers; | |
| f. | humidity control; | |
| g. | temperature monitoring; and | |
| h. | CCTV. | |
| 4. | The outsourcing of data center should comply with the requirements published in the SAMA circulars on the Rules of The Outsourcing and Cybersecurity Framework. | |
| 5. | Member Organizations should ensure that appropriate control measures are built into contracts with the service providers to whom they plan to outsource data center such as but not limited to: | |
| a. | have documented business case for outsourcing data center services; and | |
| b. | nature and type of access to data center by the service provider. | |