Most undocumented infrastructure changes enter buildings the same way: a technician arrives with a work order number, a safety vest, and urgency. The building, wanting to be helpful, lets them in. Whatever happens next is officially nobody's fault.
One rule stops this: No Tenant = No Access Request.
The rule
Every legitimate piece of carrier work in a multi-tenant building exists because some tenant, somewhere, ordered something. If a request cannot identify that tenant, the request is incomplete, and incomplete requests do not get scheduled. Not rejected forever; just returned for completion, the way accounting returns an invoice with no PO.
The five elements of a complete request
- The tenant. Which customer ordered the service that requires this work? This is the accountability anchor; it connects physical work to a business relationship the building can verify.
- The suite. Where does the service terminate? This defines the pathway, the riser segments involved, and which other tenants share the affected spaces.
- The business purpose. New service, repair, disconnect, upgrade? Purpose determines urgency, review depth, and what "done" looks like.
- The scope of work. What will be installed, removed, or modified, specifically? "Run one cable" is not a scope. "Install one single-mode fiber pair from MPOE to IDF-4, terminating at panel B" is.
- The responsible party. Who is dispatching, who is performing, and who answers if something goes wrong? Names, companies, and verifiable identification.
What happens when you enforce it
Two things, quickly. First, legitimate work gets faster: complete requests can be reviewed, scheduled, and escorted efficiently because the building knows exactly what is happening. Second, a surprising fraction of requests simply evaporate when asked for a tenant: speculative surveys, work intended for a neighboring building, "while we're here" additions, and occasionally something worse. Every one of those was an undocumented change you did not absorb.
The rule costs nothing to adopt and requires no software. It requires only that ownership decide undocumented access is no longer acceptable, and a coordination function, in-house or through a governance partner like GDS, that enforces it consistently.