DCS: Datacenter Security

Controls

DCS-01: Off-Site Equipment Disposal Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually.

DCS-02: Off-Site Transfer Authorization Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually.

DCS-03: Secure Area Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually.

DCS-05: Assets Classification

Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk.

DCS-07: Controlled Access Points

Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas.

DCS-09: Secure Area Authorization

Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization.

DCS-10: Surveillance System

Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts.

DCS-12: Cabling Security

Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms.

DCS-13: Environmental Systems

Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards.

DCS-14: Secure Utilities

Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals.

DCS-15: Equipment Location

Keep business-critical equipment away from locations subject to high probability for environmental risk events.