Physical Access to the Facility

How access to the public facility is granted depends on how public the facility is. For staff during off hours, you may want to follow some of the common-sense advice for the server room: Allow access with a key different from the building's master, or use a pushbutton combination key or keycard access.

Access for general users, though, may depend on how public the facility is. For a small facility, it may be sufficient to issue keys or codes or access cards to the appropriate individuals. Or you may want to have users sign in during the day, and not grant access during off hours, or grant access to only a smaller subset of users.

For a larger, more public facility, you might want to consider some sort of keycard access, especially if your facility is part of an institution that already issues IDs to the individuals associated with it. For a particularly public place, such as a public library, perhaps using a photo ID and having the user sign a login sheet would be appropriate. Perhaps it would be better to limit use of such a facility to only the library patrons.

No matter how public the computing facility, you may find it useful to install video surveillance equipment, especially if, for whatever reason, it is not practical to restrict access via any other method. Although video surveillance equipment will not tell you specifically who is in your facility, it could potentially discourage some malicious users.

Unless your facility is so small that access is available to only select individuals, you should have the facility monitored by at least one individual at all times. Of course, this is in part to help with equipment or software problems. However, having the room monitored by an individual is yet another way to discourage possible malicious users.

Finally, you may want to consider installing an alarm system of some sort that is armed when the facility is supposed to be closed.

Table 2.1 at the end of this chapter includes several vendors of lock and alarm systems.