Jane works as a network administrator at a financial firm. She's concerned about potential unauthorized access to the company's internal servers. To prevent unauthorized personnel from accessing the server room, which of the following would be an effective preventive control?