An associate initiates a request via the VMS portal. The CS team will then verify and validate the request with the ISG as needed, before granting approval. Customer approval is mandatory before visitor s are granted access to ODC's.

Additionally, visitors will be accompanied by only authorized associates while in the facility.

The PM starts a request to set up an ODC following the contractual obligations and standard compliance e.g PCI-DSS. The PM is in charge of defining the physical security specifications in the contract and sharing these requirements with the CS/ADMIN team for execution. It also involves a thorough physical security evaluation for the new ODC by ISG. Any gaps found must be fixed before the operational launch.

• Checking the on-site implementation and compliance with contractual physical security measures.
• Choosing Emergency Response Team (ERT) and escort personnel for their project and sending the roster to CS/ADMIN. This list should be kept at the security guard station, and regular reconciliation should be done as per the agreement.
• Granting ODC physical access through the CS portal.
• Making sure that all assigned ERT members attend the training sessions conducted by CS/ADMIN.
• Performing agreed-upon or monthly reconciliations of physical access.
• Quickly requesting the removal of physical access for employees moving to different accounts or upon their departure.
• Observing compliance with physical control measures and reporting any differences immediately to CS and the assigned ISG SPOC. Examples are Tailgating, improper access controls, lax guards and incorrectly positioned CCTV cameras.
• Providing CS with a list of authorized laptop and mobile device users.

• ODC entry and exit points have CCTV coverage to avoid tailgating and ensure only authorized personnel can enter.
• Visitor entry logs and other registers such as asset movement, lost/forgotten access cards, and visitor logs are maintained.
• Anti-pass mechanisms are used to prevent tailgating.
• Security guards are deployed at posts as per the contract or TechM baseline standards.
• Fire drills and other relevant drills are performed at the agreed frequency.
• Physical security measures implemented for the account are regularly monitored. Any security gaps found during regular checks are quickly fixed.
• Annual Maintenance Contracts (AMCs) for all firefighting equipment are kept up to date.
• Physical access cards are issued promptly.
• Contractual/regulatory requirements for CCTV footage retention are followed. Frisking is done in accordance with contractual obligations or TechM baseline standards. Only authorized mobile users are allowed to bring mobiles inside the ODC, if there are restrictions.

The PM requests to establish a server room in the ODC according to the contract terms.

The TIM team checks the contract terms with ISG and applies the required controls in the server room. The TIM team keeps a list of authorized users at the server room's entrance and a record of visitors. Racks are locked securely and labeled clearly to show the related project.

CS monitors the temperature regularly, maintains fire safety equipment in the server room, and ensures that CCTV covers the area.

Refer page - LAB …