Physical access should be restricted to only those whose job responsibilities require that they maintain the equipment or infrastructure of the room.
Access should be controlled by a strong authentication method, such as an electronic combination lock, a badge reader, a fingerprint reader, or other biometric scanning device. Lock combinations should be changed on a regular basis.
Doors should be fireproof and secured with deadbolt-type locks that can't be easily picked.
Keys to server room doors - both electronic and traditional - should be numbered and the whereabouts of each copy logged.
There should be no windows through which a person could gain access. If there are windows, they should be bulletproof/shatterproof, and/or protected by metal grates to prevent access if broken.
The room should be monitored by CCTV or IP cameras 24/7.
Redundant power sources, such as a generator, should be available to power electronic locks and authentication systems in case of a power failure or outage.
Server rooms and IT equipment rooms should not double as office space or storage space or any other shared purpose.
A complete inventory of server room and IT network room equipment, including brands, models, serial numbers, and physical descriptions, should be compiled and kept up to date.
A system for securely disposing of unwanted discs, tapes, cards, hard drives, printed paper, and anything else that could contain confidential information should be implemented.