Access Control Policy

1. Purpose and Objectives

This Access Control Policy establishes the rules under which non-GridSite personnel may enter, move within, and exit a GridColo site. Because GridColo operates in multiple facility models—from multi-tenant buildings we partially control to fully fenced and gated campuses we exclusively own—access expectations must be uniform, explicit, and enforceable across all variants.

The objective is to safeguard people, assets, and continuity of service by ensuring that only authorized persons enter, that they remain only in areas they are entitled to occupy, and that their movement is recorded and auditable. This policy gives customers, vendors, contractors, and visitors clarity about how access is granted, what is required of them before and during a visit, and how exceptions are handled when safety or emergency response demands it.

2. Applicability

This policy applies to all individuals who are not direct employees of GridSite Technology Inc., including customer personnel, vendors and sub-vendors, contractors and subcontractors, consultants, temporary workers, delivery drivers, auditors, and escorted visitors.

It governs routine access, after-hours access, emergency access, delivery/dock access, and temporary or one-time visits. It applies in addition to the colocation agreement, visitor agreements, safety rules, and any posted site notices. Where a landlord or authority imposes additional entry controls, those controls apply in parallel to this policy.

3. Security Levels

Each GridColo location is designated as one of four Security Levels that describe who controls the outer gateway to the site and how comprehensively GridColo enforces access:

4. Security Zones

Within any site—regardless of Security Level—spaces are treated as zones with progressively stricter controls:

5. Identity, Credentials, and Display Requirements

All non-employee persons must carry a valid government-issued photo ID and a GridColo-issued credential while on site. Credentials are personal and non-transferable; loaning, sharing, or duplicating a credential is prohibited. Credentials must be conspicuously displayed above the waist and unobstructed.

GridColo uses a role labeling scheme to make roles visually apparent. Standard roles are Employee, Customer, Vendor/Contractor, and Visitor. As a visual convention, solid-color credentials denote permanent or standing access and striped-color credentials denote temporary or day-use access.

Lost or stolen credentials must be reported immediately (no later than fifteen minutes after discovery). GridColo will revoke the credential and issue a replacement only after identity is re-verified.

6. Enrollment and Authorization

Before GridColo issues a credential, the sponsoring customer or GridColo department must submit an access request identifying the individual, their role, the business purpose, the expected duration of need, and the zones to which access is requested.

GridColo may require proof of safety training, method-of-procedure (MOP) approvals for planned work, evidence of insurance for vendors, and acceptance of posted site rules. Where permitted by law and contract, GridColo may require identity verification and background screening appropriate to the role and the sensitivity of access requested.

Credentials are provisioned on a least-privilege basis. Default access permits movement only to reception and the customer's own allocation; access to critical infrastructure and roof/mechanical/electrical spaces is on an as-needed basis tied to active work orders.

7. Access Requests, Scheduling, and After-Hours Visits

Routine visits during posted access hours may be scheduled through the customer portal or service desk. After-hours or weekend work must be requested in advance with sufficient lead time to stage security and, where necessary, on-site escorts or supervisors.

Emergency access is handled through the 24×7 operations desk. GridColo will verify identity and stated purpose before granting entry and may require an escort until normal validation steps are completed. Use of "emergency" pathways for non-urgent work is a violation of this policy.

8. Authentication Methods and Controls

GridColo employs layered authentication appropriate to zone and Security Level. Card-based credentials are minimum; mantraps, PINs, and biometrics may be used for data halls and critical infrastructure.

Anti-passback may be enforced in mantraps and high-value zones; tailgating and piggybacking are prohibited. Individuals must badge in and out for every controlled door—even when doors are already open or staffed—and must not hold doors open for others unless explicitly instructed by security.

9. Interlocked Doors

Certain portals within GridColo facilities are protected by interlocked door systems, sometimes referred to as two-way or three-way interlocks. In these systems, one door must be fully closed before another door in the sequence can be opened. This mechanism prevents multiple unsecured pathways from being open at once, protecting the facility from tailgating, uncontrolled airflow, or dock-to-data-hall contamination.

Interlocked doors are most commonly found at main building entrances, data hall access points, and loading dock transitions. For example, when a dock roll-up door is raised, the interior doors leading from the dock to the remainder of the facility are electronically interlocked and cannot be opened until the roll-up door is closed.

All individuals must respect interlock operation, wait for doors to cycle fully, and never attempt to force, wedge, or bypass an interlocked door. Misuse of interlocked doors may result in immediate revocation of access privileges.

10. Visitors and Escorting

Persons without standing credentials are treated as visitors. Visitors must be pre-registered, present government photo identification at reception, and wear a visitor badge at all times. Visitors may only move under continuous line-of-sight escort by an authorized GridColo employee or, if permitted for the scenario, by an authorized customer representative with the correct escort privilege.

Escorting is an active duty: the escort must remain physically present with the visitor, monitor their activity, and ensure they do not enter unauthorized zones or interact with other tenants' allocations. Children and pets are not permitted in operational areas under any circumstances.

11. Vendors, Contractors, and Work Authorization

Vendors and contractors performing work must be named on an approved work order referencing the scope of work, affected zones, and relevant MOPs or permits (e.g., hot work, LOTO, roof access). Access will be bounded to the time window and zones required to execute the approved scope.

Subcontractors must be explicitly listed; "blanket" authorizations are not accepted. Vendor supervisors are responsible for ensuring their teams comply with all access and safety rules. GridColo may require escorts for certain activities or zones, particularly in data halls occupied by multiple tenants.

12. Customer Secured Areas

Customers are responsible for controlling access within their assigned cages, cabinets, and suites. Padlocks, cam locks, electronic cabinet locks, and access control panels must be maintained in good working order, labeled, and configured to allow the customer's own personnel to enter while preventing access by others.

Keys and combinations must be managed by the customer; lost keys that could compromise adjacent tenants or building safety must be reported immediately. "Cross-tenant assistance" (helping another tenant enter their space) is prohibited even if requested by that tenant; all such requests must be routed to GridColo operations.

13. Movement Restrictions and Conduct

Non-GridSite personnel may not enter any area not explicitly authorized on their credential. Loitering in shared corridors, staging areas, or near other tenants' allocations is not permitted. Photography and recording are prohibited except where explicitly authorized in writing for a specific purpose and time.

Individuals must not read other tenants' labels, tickets, or screens, and must position temporary carts and ladders so as not to block aisles or egress paths. Audible devices such as speakers and ringers should be disabled within data halls; communications should be conducted quietly and professionally.

14. Delivery, Dock, and Vehicle Access

Access to docks, staging rooms, and freight elevators is controlled and scheduled. Drivers must present identity and load documentation. At Level 4 sites, vehicles may be screened at the perimeter; GridColo reserves the right to inspect cargo and to refuse entry to any vehicle that presents a safety or security concern.

Pallets and crates are opened only in designated staging areas; movement into data halls follows the flooring, cleanliness, and equipment-handling standards posted for the site. Detailed logistics rules are provided in the Delivery & Logistics Policy; compliance with that policy is a condition of dock access.

15. Prohibited and Controlled Items

Weapons, illegal drugs, alcohol, smoking/vaping devices, drones, and personal heaters/cookers are prohibited. Sprays, solvents, and chemicals require prior approval; batteries, fuel, and compressed gases are controlled articles.

Unapproved Wi-Fi access points, wireless scanners, jammers, and rogue network devices are not allowed. Portable storage media must not be left unattended. If an individual is found to be impaired, aggressive, or otherwise unfit for safe work, access will be denied or terminated.

16. Monitoring, Logging, and Retention

GridColo records access events and monitors premises via CCTV and electronic access control. Logging begins at the first control point (landlord or GridColo, depending on Security Level) and continues through internal controlled doors.

As a standard, access logs are retained for not less than twenty-four months and video for a period appropriate to the site's Security Level and storage architecture. Use and protection of log and video data are governed by the Privacy & Data Protection Policy.

17. Emergencies, Exceptions, and Overrides

When a life-safety or critical operational emergency exists, GridColo may grant expedited access or activate an override to admit first responders and essential personnel to the affected zones. Individuals entering under emergency authority must identify themselves, follow all instructions from GridColo security or incident command, and evacuate or muster when directed.

GridColo documents all overrides and conducts a post-event review to validate necessity and scope. Use of emergency authority for convenience is a violation of this policy and may result in immediate revocation of access.

18. Revocation, Suspension, and Denial of Entry

GridColo may deny entry or revoke access when a credential is expired, reported lost, or appears altered; when identification cannot be verified; when a person is on a barred-from-premises list; when the individual is impaired or poses a safety risk; or when there is a violation of this policy or any posted safety rule.

Revocation or suspension will be communicated to the sponsoring customer along with the reason, and re-instatement, if any, will require the customer to address the underlying concern to GridColo's satisfaction.

19. Responsibilities

Customers must designate authorized representatives, keep their personnel rosters current, and immediately notify GridColo when individuals no longer require access. Vendors must ensure their workers are briefed on this policy, trained for the tasks they will perform, and properly insured.

Escorts must actively supervise visitors at all times. Individuals are personally responsible for the custody of their credential, for following directions from security personnel, and for leaving promptly when their authorized activity is complete.

20. Audits and Re-Certification

GridColo periodically audits access rights and compares activity logs against sponsor rosters. Credentials with no recent legitimate use may be suspended pending re-validation.

Customers and vendors will be asked, at least quarterly, to re-certify that listed personnel still require the access shown; failure to respond may result in suspension until the certification is complete.

21. Privacy and Personal Data

Access control inherently involves collection of personal information such as names, photos, government ID details, access events, and, where applicable, biometric templates. GridColo limits use of this information to security and operational purposes, protects it with reasonable controls, and retains it only as long as necessary for those purposes or as required by law or contract.

Individuals may consult the Privacy & Data Protection Policy for details and rights requests. Declining biometric enrollment will not bar access where alternatives exist, but may require slower or escorted processes in certain zones.

22. Enforcement and Consequences

Violations of this policy may result in immediate removal from the premises, suspension or revocation of access, incident reporting to the sponsoring customer, financial charges for misuse or damage, and, in severe cases, termination of the customer's colocation privileges.

Where conduct suggests criminal activity, GridColo may notify law enforcement and cooperate fully with any investigation.

23. Effective Date, Changes, and Prevailing Terms

This policy is effective on publication and remains in force until superseded. GridColo may amend it to address changing risks, technologies, or laws.

In the event of conflict between this policy and a signed agreement, the agreement governs to the extent of the conflict; however, GridColo retains the right to apply immediate safety or security measures when necessary to protect life, property, or continuity of service.