SOUTHWESTERN BELL TELEPHONE COMPANY SW 007-590-905
SWBT Standard Issue D, September 1994
COMPUTER FACILITY PHYSICAL SECURITY
CONTENTS
1. GENERAL
2. GLOSSARY OF TERMS
3. FIRE CONTROLS
A. Computer Room Location
B. Compartmentation
C. Furnishings and Materials
D. Detection-Alarms
E. Suppression
F. Access-Egress
G. Administration
H. Inspection-Maintenance
I. Miscellaneous
4. PHYSICAL ACCESS CONTROLS
A. Computer Room Location
B. Building/Computer Facility Access-Egress
C. Building/Computer Facility Occupants
D. Compartmentation
E. Physical Access Control Devices
F. Computer Terminals/Personal Computers
G. Collocation
H. Miscellaneous
5. ENVIRONMENTAL CONTROLS
A. Computer Room Location
B. Compartmentation
C. Lighting
D. Water
E. Air Conditioning
F. Temperature-Humidity
G. Electrical Power Supply
H. Magnetic Media Facilities
I. Inspection
J. Miscellaneous
6. OTHER FACILITY CONTROLS
A. Computer Facility Location
PROPRIETARY
Not for use or disclosure outside of Southwestern Bell
Telephone Company except under written agreement.
B. Administration
C. Records Retention
D. Magnetic Media Facilities
7. EARTHQUAKE PREPAREDNESS: COMPUTER PROTECTION
Appendix 1: Computer Facility Physical Security Controls Checklist
Appendix 2: Computer Room: Illustration
Appendix 3: Magnetic Media Facilities: Illustrations
Appendix 4: Handling Bomb Threat Calls: Instructions
Appendix 5: Earthquake Preparedness: Computers
Appendix 6: Bibliography
1. GENERAL
1.01 This practice is issued to provide Southwestern Bell Telephone
Company (SWBT) with computer physical security guidelines for its
computer facilities in Company-owned buildings or leased quarters.
These computer facilities are normally on raised floor and contain
some combination of one or more of the following: mainframe
computers, midrange computers, personal computers (PCs), computer
peripherals, magnetic media facilities, and administrative areas
where computer facility personnel and resident vendor
representatives reside.
1.02 This practice also applies to facilities that might not have raised
floor, but are within major computer facilities (e.g., Print-Punch,
Bursting, Bill Mailing and Distribution), and therefore should be
protected in the same manner as a computer room.
1.03 This practice contains some guidelines that might not apply to
midrange-computer-based facilities or office-based facilities. The
myriad configurations of these "small systems" computer facilities
sometimes make it economically or operationally impractical for
these facilities and their operations to be designed or retrofitted
to conform with all guidelines in this practice. A guideline can
be considered as inappropriate for a "small systems" computer
facility if facility management can make a case that economic or
operational hardship could result by conforming to the guideline.
When a guideline is based on requirements from other practices
(e.g., Operating Practices (O.P.s), Southwestern Bell Practice (SW)
sections, the 760 Bell System Practice (BSP) sections), the above
waiver can only be considered when allowed by stipulations in those
practices.
1.04 This practice provides physical security guidelines that do not
specifically address specialized devices, such as security
vestibules, passenger/freight elevators with security codes, motion
detectors, and so forth. Although use of these devices is
encouraged when they can be justified by cost or need, they are not
normally used to protect a computer facility. It is impractical for
this generic practice to address the myriad of possible
configurations and uses of these specialized devices. Managers of
computer facilities where these devices are employed are encouraged
to contact Computer Security Administration at (314)235-0237, which
provides assistance in developing guidelines for special
situations.
1.05 This practice is one of the computer security practices that
supplement Operating Practice (O.P.) 113 "Protection of Electronic
Information." O.P. 113 provides Southwestern Bell Telephone Company
employees with the general policies, standards, and procedures to
protect the Company's ability to deliver
and support electronic information resources regardless of the
location of those resources. O.P. 113 identifies those resources
and the responsibilities for which employees will be held
accountable.
1.06 In some localities, building codes might prohibit retrofitting a
building in a particular manner to correct noncompliance with one
or more of this practice's guidelines. In this case, computer
facility management should do as much as possible to correct
noncompliance short of the prohibited retrofit. For example, even
if a locality's building code prevents filling in building
perimeter windows of a ground-level computer room, the room's
management should still alarm the windows and keep window blinds
closed.
1.07 This practice is intended to take precedence over BSP Section
007-590-303 "Computer Center Physical Security and Disaster
Recovery - Physical Security."
1.08 Portions of this practice are designed to be condensed versions of
the practices listed in Appendix 6 (Bibliography), and are to be
used in conjunction with, rather than in place of, those
practices.
1.09 References to the practices listed in the Bibliography appear in
the body of this practice. A reference that appears at the end of a
guideline indicates that more detailed information pertaining to
the guideline is provided in the referenced practice. The format is
as follows:
x.xx - guideline (referenced practice section)
1.10 Most major considerations in planning building facilities for
computers have been removed from this practice. Only planning
guidelines that affect the traditional areas of physical security
remain. Computer facility planning guidelines can be referenced in
SW Section 007-150-100 "Information Services Data Center Design
and Planning." When the specifications in this practice mandate
major modifications to a computer facility, such modifications
should be planned in accordance with SW Section 007-150-100.
1.11 This practice adheres to O.P. 113's definition of "guidelines" and
"standards." Guidelines are rules that are highly recommended and
may be recognized by the use of the word "should." Standards are
rules that must be followed and are recognized by use of the words
"must" or "shall" or the phrase "is(are) to be."
2. GLOSSARY OF TERMS
2.01 An Automatic Cartridge System (ACS) silo consists of a
computerized tape cartridge system employing a robotic device for
cartridge storage, retrieval, and
mounting, housed in an enclosed metal cylinder (11 feet in diameter; 8
feet high) that is designed to deter contamination.
2.02 Card key describes a magnetically encoded plastic card that allows its
owner access (egress) to (from) secured areas via physical access
control system card key readers.
2.03 A combustible or flammable is any material, in the form that it is to be
used and under the conditions anticipated, that will burn, support
combustion, or release vapor when subjected to fire or heat.
2.04 Company I.D. is the Southwestern Bell employee photo-I.D. card. An
employee must, with few exceptions, wear this card when in a Company
building.
2.05 Company proprietary document refers to paper, microfilm, microfiche,
cardboard (e.g., punched cards), and ribbons (for typewriter and
printer) that contain information intended solely for Southwestern Bell
purposes.
2.06 Computer facility is defined as the computer system and the computer
rooms that house it, and the administrative areas where computer
facility personnel and resident vendor representatives reside. (BSP
Section 007-590-301)
2.07 A computer room consists of a computer system, raised floor, lighting,
electrical equipment, air conditioning, humidity control, chilled water
conditioning, communication facilities, physical access controls,
storage cabinets, furniture, fire detection and suppression. Depending
on the type of computer system installed in a computer room (i.e.,
mainframe system, midrange computer system, personal computer system),
not all of the elements listed above will be required. (BSP Section
007-590-301)
2.08 Daily pass is a non-photo-I.D. card issued to visitors who need access
to Company buildings from one (1) to five (5) days. Visitors assigned
this pass should wear it when in a Company building and be escorted at
all times. This card can also be issued to employees who forget their
employee photo-I.D. card, but the card should be altered/designed to
look different from a daily pass issued to visitors. (O.P. 78)
2.09 Employee, or company employee, is a Southwestern Bell employee.
2.10 Fire annunciator panel is an electrically controlled signal board
usually connected to a wall outside a computer room. The board indicates
the zone or floor from which a fire alarm originates. A schematic
detailing the layout of fire detection zones and system wiring is
usually posted on or next to the board.
2.11 Fire damper is a device (e.g., steel plate) that, when activated,
is designed to resist the passage of fire/smoke; e.g., by
dropping into an air duct, cutting off air passage through the
duct.
2.12 Fire extinguisher is a container for an extinguishing agent that
can be liquid, powder, or gas. Each extinguisher is classified
for use on a certain class or classes of fire (A, B, C, or D).
Class A covers ordinary combustibles; Class B: flammable
liquids; Class C: electrical equipment; and, Class D: combustible
metals. A typical marking on a multi-purpose unit might read:
2-A: 20-B:C. The higher the number, the greater the
extinguishing potential.
2.13 A gaseous total flooding extinguishing system consists of a fire
extinguishing agent (in storage tank); e.g., FE13, FM200, Halon
1301, Inergen, arranged (through a piping system) to discharge
(through a nozzle) into, and fill to the proper concentration,
either an enclosed space, an enclosure about the hazard, or an
open space. The fire extinguishing agent is normally of gaseous
composition.
2.14 Interim I.D. is a non-photo I.D. card issued to some temporary
employees and some temporary vendor representatives who need
access to Company buildings for six (6) days to sixty (60) days.
The card holder should wear this card when in a Company building.
Persons assigned this card are to be escorted at all times and
not be given physical access control devices. But management has
the option to modify the sign-in or sign-out requirement for
these people (see Items 4.06-07). This card should not be given
to persons, who, for example, are salespersons, occasional
delivery personnel, retired employees, friends/relatives of
Company employees, etc. Issuance of this card requires management
sponsorship and authorization. (O.P. 78)
2.15 Magnetic media library is the computer room designated for normal
storage of magnetic media. This term replaces the term "tape
library." Note: A data center's AMA tape library is a type of
magnetic media library.
2.16 Magnetic media operations library is the computer room designated
for normal storage, maintenance, and processing of magnetic
media. This facility combines all or part of the magnetic media
library with all or part of the magnetic media operations room.
2.17 Magnetic media operations room is the computer room designated
for normal maintenance and processing of magnetic media. This
term replaces the term "tape pool" or "tape operations room."
2.18 A noncombustible or nonflammable is a material that, in the form in
which it is used and under the conditions anticipated, will not aid
combustion or add appreciable heat to an ambient fire.
2.19 A computer facility can employ any of the following ordering of magnetic
media facilities:
o Magnetic media library and magnetic media operations room
o Magnetic media operations library
o Magnetic media library and magnetic media operations library
o Magnetic media operations room and magnetic media operations library
o Magnetic media library, magnetic media operations library, and
magnetic media operations room
The facilities within each collection are to be separate from one
another. (See Appendix 3 for illustrations.)
2.20 A physical access control system is a system of devices (e.g., card key
system: card readers, card keys, controller, network; combination
locks; key locks) used to control access/egress to a physical structure
(e.g., building, fenced area, etc.).
2.21 Physical security is the protection of all elements of the processing
environment from any disaster (man-made or natural) by employing the
mechanical and human resources necessary to safeguard company assets.
2.22 Vendor is a generic term used to describe two types of persons:
a. Resident vendor representative is a person who usually maintains
an office or work room at a Southwestern Bell facility to provide
support on a prompt, regular basis for a product or service the
person's company has sold or leased to Southwestern Bell. A
Customer Engineer (C.E.), for example, is a resident vendor
representative.
b. Temporary vendor representative is a person who provides support
on a periodic or temporary basis for a product or service the
person or person's company has sold or leased to Southwestern
Bell. This person might maintain an office or work room at a
Southwestern Bell facility. Most times this person is a
contractor or consultant. Note: A delivery person who makes
regularly scheduled deliveries to a computer facility can be
considered a temporary vendor representative, but should be
assigned no more than an interim I.D.
2.23 Vendor I.D. is a temporary photo-I.D. card issued to resident and
temporary vendor representatives who need access to certain
Company buildings on a regular basis for sixty-one (61) days to
one (1) year. This card should show the vendor's first and last
name, vendor company name, access limitations (e.g., certain
Company buildings), and the expiration date of the card. The
month and year of the expiration date shall also be printed in
red numerals at least one and a half inches high and not obstruct
the photo or logo. This card should be worn by a vendor when in a
Company building. Issuance of this card requires management
sponsorship and authorization. (O.P. 78)
2.24 A visitor is someone other than a vendor or Southwestern Bell
employee. Note: Salespersons, occasional delivery personnel,
retired employees, relatives/friends of Company employees, etc.,
are examples of visitors. Also, vendors with vendor (photo) I.D.s
are to be considered visitors when they attempt to access Company
buildings which their I.D. does not authorize them to access.
3. FIRE CONTROLS
3.01 The guidelines in this section are supported by fire prevention
material from O.P. 130 ("Fire Fresh") and Bell System Practices.
A. Computer Room Location
3.02 A computer room should not be located immediately above, below,
or adjacent to parking garages, loading docks, cafeterias, test
laboratories, major power rooms, or other potentially hazardous
areas. Adequate protection features should be provided if these
areas exist but cannot be removed for reasons of prohibitive cost
or impracticality.
3.03 For computer rooms located above the sixth floor, arrangements
should be made with the local fire department to ensure that fire
fighters can manage fire fighting equipment at floors 7 and
above.
B. Compartmentation
3.04 Walls encompassing a computer room should extend from the
concrete slab of one floor to the slab of the next floor and be
of one-hour fire rated noncombustible construction. This also
applies to walls encompassing magnetic media operations rooms and
magnetic media operations libraries. (BSP Section 760-250-150)
3.05 Doors to a computer room should be Underwriters' Laboratories
(UL) listed Class C doors that are 3/4 hour fire rated. This
also applies to doors to
magnetic media operations rooms and magnetic media operations libraries.
(SW Section 760-630-400)
3.06 Walls encompassing a magnetic media library should extend from the
concrete slab of one floor to the slab of the next floor and be of
two-hour fire rated noncombustible construction. (BSP Section
760-250-150) Doors to a magnetic media library should be UL listed
Class B doors that are 1 1/2 hour fire rated. (SW Section 760-630-400)
3.07 When a magnetic media library is protected by a gaseous total flooding
extinguishing system or water sprinkler system, its doors and walls only
have to meet the requirements for regular computer rooms. (See Items 3.04
and 3.05.)
3.08 Computer rooms should not have windows in perimeter walls. If this is
not possible, the windows should be supported so that they have
sufficient strength to withstand high levels of impact (e.g., two panes
of glass; glass supported by wire, grilles, or LEXAN). The windows
should also contain the necessary insulation to protect the thermal
environment of the computer facility. (See Item 4.02: window
restrictions for ground-level computer rooms; Items 4.26-27: window
alarms and blinds; BSP Section 760-250-150.)
3.09 It is recommended that doors within walls that encompass any type of
computer room be windowless. Exceptions, such as wired glass, are
allowed, with size restrictions, in SW Section 760-630-400.
3.10 Ceilings for a computer facility should be of the type that does not
dust or flake. Ceiling material should be constructed of noncombustible
material or be UL listed with an acceptable flame spread. (BSP Section
760-630-200 and SW Section 760-600-230)
3.11 Ceiling height for raised floor areas should be 8-10 feet to provide
adequate ventilation and machine clearance. (SW Section 007-150-100)
3.12 Raised flooring within the computer facility should be 18 to 24 inches
from the floor slab to the top side of the floor panels. These panels
should be constructed of concrete, steel, aluminum, or metal-enclosed
wood, and be electrically conductive to minimize static electrical
problems. (BSP Section 760-200-110)
3.13 Sub-flooring and structured floor should be constructed of reinforced
concrete, and the floor should not be covered with any type of floor
covering materials. The support assembly for the raised floor should
rest directly on the concrete slab. (BSP Sections 760-200-021,
760-200-032, and 760-200-100)