Governance

Policies and procedures

Policy No.
UP13/5
Function
Technology And Telecommunications
Authoring Organisational Unit
Policy and Planning - IT Services
Date Approved
01/06/2012 Revised 01/05/2014
Next Review Date
01/06/2015
Approving Body
Vice-Chancellor

The University of Western Australia

University Policy on: Institutional Data Centre

Purpose of the policy and summary of issues it addresses:

The purpose of this policy is to outline the principles and responsibilities for the operation and management of the UWA Institutional Data Centre (IDC). It will inform the planning for the consolidation of server rooms and data centres into the IDC with the aim of reducing the risk of loss and/or compromise of data as identified in University audit reports on data centres and server rooms.

Definitions:

Information Services is the University division that will be responsible for the provision and management of the IDC.

IaaS Infrastructure as a Service.

Data Centre a facility used to house computer systems and associated components, such as telecommunications and storage systems.

Disaster An event that is not predictable. Disasters can be of natural cause such as floods or earthquakes or they can be caused by hazardous material spills or major infrastructure failure.

Policy statement:

To mitigate the risk of loss or compromise of Institutional data, the IDC facility provides servers, storage and related services with the objective of consolidating disparate computer and data storage across the University.

The IDC will be compliant with the University�s Standard on Data Centre and Server Room Facilities and the management of the data centre will be in accordance with service level agreements with third-party providers.

The following principles define the underlying rules for the provision of services from the IDC.

1 Institutional data servers, appliances (such as firewalls, server load balancers etc.) and associated hardware will be housed in fit-for-purpose facilities and managed in accordance with appropriate service level agreements and capacity management regimes

1.1 Institutional Administrative data and associated servers and storage equipment must be housed in the IDC. (Institutional Research data is to be stored at the Institutional Research Data Store (IRDS).)

1.2 Network infrastructure such as switches, routers and other associated equipment must be housed in fit-for-purpose communications rooms on campus.

1.3 Service level agreements and capacity management are provided by Information Services.

2 Server, data storage, backup and recovery and disaster recovery services are provided by Information Services using infrastructure housed in the IDC and the Disaster Recovery facility

2.1 A catalogue of services for staff and students will be published on the Information Services website.

2.2 Services provisioned using Infrastructure as a Service (IaaS) have specific risks which should be managed accordingly using service level agreements and periodical reporting on performance.

2.3 Disaster recovery planning is the responsibility of Information Services.

2.4 Business continuity planning is the responsibility of the Faculty, School or Administrative Area within the University.

3 Institutional data is owned by the University and risks associated with loss and/or compromise of data will be managed appropriately

3.1 All data will be backed up and/or archived according to a backup and recovery and archival regime.

3.2 Backed up data will be stored in a fit-for-purpose facility which is geographically separate from the IDC.

3.3 The backup and recovery process will be tested at least six-monthly and quality assurance will be applied to ensure that the process is completed successfully and that data can be retrieved over time.

4 Roles and responsibilities

4.1 Information Services will be responsible for the following:

4.1.1 Access Control (Firewall)

Information Services will maintain the Institutional Firewall. Requests can be made from Faculties and Administrative Areas for new or modified firewall rules to fit their operational requirements.

4.1.2 Server Patching and upgrades

Information Services will be responsible for managing security and other patches to the operating systems of all servers that are hosted in the IDC. Hardware infrastructure will be refreshed periodically to ensure fitness of purpose of the servers.

4.1.3 Data Storage and Server Provisioning

Information Services will be responsible for provisioning data storage and servers for staff and students. Faculty, School and Administrative Areas may be provided delegated authority to provision data storage and servers if appropriate. Staff and students will be allocated default amounts of storage respectively. Additional storage can be purchased by negotiation with Information Services.

4.1.4 Data Security

Information Services will be responsible for the security of all data housed in the IDC. Physical security will comply with the University Standard on: Data Centre and Server Room Facilities. Logical security will be provided by authenticated (UniWA) access and at the application and/or server level as appropriate. Additional security such as data encryption can be negotiated with Information Services.

4.1.5 Data Backup and Recovery

Information Services will be responsible for the provision of a backup and recovery service for all data in the IDC as a safeguard against data that may be inadvertently deleted or lost. However, data backups are not intended to serve the purpose of record-keeping. All records should be stored appropriately in accordance with the University Policy on: Record Management. The University Policy on: Data Backup and Recovery should be referred to for details of backup regimes.

4.1.6 Data Archiving

Data archiving services can be provided on application to Information Services. Data archives will be kept in a secure location, geographically separate from the IDC.

4.1.7 Disaster Recovery

Information Services maintains a Disaster Recovery Plan which will detail the process to recover services provided from the IDC in the event of a disaster. The Plan will detail recovery procedures, recovery time objectives and recovery point objectives for systems and data and outlines roles and responsibilities of staff in the recovery process for each of the services (network, applications, data etc.)

4.1.8 Capacity Planning

Information Services is responsible for data and server capacity planning including usage monitoring and the implementation of upgrades and expansion in line with future resource needs.

4.1.9 Service Level Management

Information Services manages third-party service providers by clearly defining the roles, responsibilities and expectations in third-party contracts and agreements as well as reviewing and monitoring service level agreements for effectiveness and compliance.

4.2 Faculties, Schools and Administrative Areas are responsible for the following:

4.2.1 Systems Administration � Virtual Servers

Servers that are virtualised in the IDC will be administered by the Faculty, School or Administrative Area that owns them. However, Information Services is responsible for installing and maintaining (patching) the operating system of these servers.

4.2.2 Systems Administration � Physical Servers

Servers that are co-located in the IDC are administered by the Faculty, School or Administrative Area that owns them. Access to the data centre requires photo identification and prior notice before physical access is granted.

4.2.3 Data Administration � Record-keeping and backup regimes

Data administration for both structured and unstructured data is the responsibility of the Faculty, School or Administrative Area. Data administration includes record-keeping and confirming/arranging backup and archiving regimes as appropriate.

4.2.4 Access Control

Access control to structured and unstructured data is the responsibility of the Faculty, School or Administrative Area. The centrally provided firewall may be used to set up rules for access control or alternately, access control can be set up at the application layer.

4.2.5 Disaster Recovery Planning

Although disaster recovery is the responsibility of Information Services, the specification of Recovery Time Objectives (maximum time to restore data after a disaster) and Recovery Point Objectives (maximum amount of data loss) is the responsibility of the Faculties and Administrative Areas.

4.2.6 Business Continuity Plans

In the event of a disaster, the planning of activities to ensure that critical services can continue while systems are being restored will be the responsibility of Faculties and Administrative Areas. Information Services maintains its own Business Continuity Plan to ensure it can continue services to the University in the event of a disaster.

Related forms: (Link)

UWA Research Data Management Plan

Related forms: (Link)

TRIM File No:

F53792

Contact position:

Related Policies or legislation:

Data Backup and Recovery Policy

Records Management Policy