2. Inconsistent Management Authorizations and Approvals for CenturyLink Data Center Access (NCUA-IT-18-01). We noted that the NCUA management was unable to provide evidence that it approved physical access for three users with access to the CenturyLink Data Center. A group of contractors were hired into roles that would have Data Center management responsibilities, and the Chief Information Security Officer (CISO) gave verbal approvals to the CenturyLink Data Center Manager to grant the users’ access to the Data Center, and did not document the approval in a written, or emailed, format.