S 3.20 Instructions concerning the operation of protective cabinets

Initiation responsibility: IT Security Officer

Implementation responsibility: IT Security Officer

Following the purchase of a protective cabinet, users must be familiarised with correct operation. This should also occur when a task involving use of the protective cabinet is reassigned. As a minimum requirement, the following points must be conveyed:

• Correct procedure with the lock of the protective cabinet must be demonstrated. Typical errors should be pointed out, for example not wiping code locks. The rules governing key management, safekeeping of keys and substitution arrangements must be outlined. In particular, individuals must be called on to lock the protective cabinet when not in use, even for a short period.
• The keyboard of a server must always be kept in the server cabinet so that no unauthorised console inputs can be made.
• As far as server cabinets are concerned, it should be pointed out that unnecessary inflammable materials (print-outs, surplus manuals, printer paper) should not be kept in the server cabinet.
• Data backup media of the server should be stored in another fire zone. Keeping them in the server cabinet is therefore inappropriate and only permissible if a duplicate of the data backup medium is relocated to another fire zone.
• If an air-conditioned server cabinet is used, the times the server cabinet is open should be kept to a minimum. Where necessary, sporadic checks should be carried out to determine whether there is any water condensation in the server cabinet.

Review questions:

• Are the users or protective cabinets instructed on their operation?
• If the protective cabinet is used as a server cabinet: Are data backup media of the server stored in another fire zone?