1

I am the librarian for a large hospital, hoping to tap into the collective wisdom of the group for a request that came to our library from our IS department.

Can anyone provide a resource or (ideally) a policy statement from their hospital re data room access? Requested information:

"Other hospitals' policy on who, by skill or title, may be in the data room unescorted? (Who may be in the room where the servers are without supervision?)"

user9517
  • 2
    I have no policy statement for you, but the sane thing is to not allow **anyone** into the data center unescorted. Even the escorted visits should be kept to the absolute required minimum. – Sven Apr 26 '11 at 18:25
  • 1
    Don't the HIPAA regs outline any of this? My guess is that it wouldn't, but I don't really know. – tony roth Apr 26 '11 at 18:27
  • 1
    @tony - depends if they're in America – Mark Henderson Apr 26 '11 at 21:53

2 Answers

7

Generally the rule is highly limited access, generally only the IT facilities team and the Hardware Operations team. All people with unsupervised access should have background checks. Cameras and door logs should be used to audit employee access. System Administration teams should generally never need to touch the hardware (except where SysAd/Hardware/Operations are overlapping roles).

These days everything is about "Lights Out" management. You should not need to enter a server room/datacenter for anything other than rack and stack and physical hardware maintenance (AC, servers, etc.). It is not unreasonable these days for sensitive environments to require two people be present whenever work is being done. (Rack and stack should be done with a buddy anyway, and having someone double-check your cabling work can reduce errors.) The volume and temperatures, etc., of datacenters are starting to reach the point where protective equipment and careful safety management need to be considered, so moving to lights out management is a good long-term plan anyway.

mfarver
1

While this answer certainly doesn't bear any legal weight, my opinion is that only the people who are responsible for building, managing, and maintaining the IT-related equipment should be allowed in the data center room unescorted. All other parties should be escorted and supervised while in the data center room after being verified/approved by the IT director(s) and/or operations director(s).

joeqwerty