Operational Library / SOP Example

Data Hall Access Control Procedure

A simplified example of a controlled access procedure for data hall environments where security, human factors and operational awareness are part of reliable infrastructure operation.

1. Purpose

Define a controlled process for granting, verifying and documenting access to a data hall or critical technical area, while reducing the risk of unauthorized access, operational disruption or unsafe activity.

2. Scope

Applies to personnel, visitors, vendors and contractors requiring access to data halls, technical rooms or other controlled operational areas within a critical infrastructure environment.

This example does not replace site security policy, customer-specific access agreements, legal requirements, local procedures or the instructions of the responsible security authority.

3. Preconditions

  • ☐ Access request has been submitted and approved
  • ☐ Identity has been verified according to site procedure
  • ☐ Visitor or contractor has a valid business reason for access
  • ☐ Required escort has been assigned where applicable
  • ☐ Required induction, safety briefing or site rules have been completed
  • ☐ No active incident or restriction prevents access to the area

4. Responsibilities

Role Responsibility
Access Requester Provide reason for access, required time window and personnel details.
Security / Reception Verify identity, access approval and entry/exit registration.
Escort / Host Remain responsible for escorted persons and ensure site rules are followed.
Operations Technician Confirm operational conditions allow access and monitor activity where required.
Facility Responsible Approve exceptions, restrictions or elevated access requirements.

5. Execution Procedure

Step Room/Tag Action Verification Sign-1 Sign-2
1 ACCESS-REQ Confirm approved access request, reason for visit and requested area. Request matches approved scope and time window.
2 SEC-DESK Verify identity of all persons requesting access. Identity confirmed according to site access procedure.
3 SEC-DESK Issue visitor badge, temporary credential or access card as applicable. Credential type matches approved access level and expiry period.
4 DATAHALL-AREA Confirm whether escort is required and assign responsible host if applicable. Escort responsibility accepted before entry.
5 OPS-DESK Check for active incidents, alarms, maintenance restrictions or operational reasons to delay access. No restriction preventing access, or exception approved by responsible role.
6 DATAHALL-ENTRY Remind visitor or contractor of site rules before entry, including no unapproved photography, no unauthorized work and no tailgating. Rules acknowledged before access is granted.
7 DATAHALL-ENTRY Grant access through approved door or access point only. Entry registered in access control system or visitor log.
8 DATAHALL Monitor activity according to access type, work scope and escort requirements. Persons remain within approved area and activity scope.
9 DATAHALL-EXIT Confirm exit from controlled area when visit or work is complete. Exit registered and all escorted persons accounted for.
10 SEC-DESK Return visitor badge, temporary credential or access card. Temporary credential returned, disabled or expired according to site procedure.

6. Risk Considerations

Data hall access is a human-factor control as much as a security control. Incorrect access handling can expose critical equipment, customer systems, cabling, power paths, cooling paths or sensitive operational information.

  • Do not allow tailgating or shared credentials.
  • Do not grant access outside approved scope without authorization.
  • Do not allow unescorted access where escort is required.
  • Do not allow work activity under an access approval only if a separate work approval is required.
  • Report suspicious behavior, badge misuse or access anomalies immediately.
  • Stop access if operational conditions change during the visit.

7. Rollback / Exception Handling

If access was granted incorrectly, immediately remove the person from the controlled area if safe to do so, notify the responsible security or facility role, and record the event according to site procedure.

If an incident, alarm or operational restriction begins during access, the escort or operations representative should pause the activity, account for all personnel and follow the site escalation process.

8. Post Verification

  • ☐ All visitors, vendors or contractors have exited the controlled area
  • ☐ Temporary credentials have been returned, disabled or expired
  • ☐ Access log or visitor register has been completed
  • ☐ Any exceptions or access anomalies have been recorded
  • ☐ Escort confirms no unauthorized activity occurred
  • ☐ Operations confirms no visible operational impact from the visit

9. Operational Notes

Access control should be treated as part of operational reliability, not only physical security. A person entering a data hall can affect airflow, cabling, equipment access, customer systems, housekeeping, emergency response routes and change control boundaries.

Formal information-security standards such as ISO/IEC 27001 include controls for physical security, access control and protection of information assets. Site procedures should align with the responsible organization’s security management system where such a system exists.

Key principles: verified identity, approved scope, escort control, access logging, human-factor awareness and clear exception escalation.

Template provided by © Tom Jensen | tomjensen.no