ACCESS CONTROL MEASURES Clause Samples
POPULAR SAMPLE Copied 2 times
ACCESS CONTROL MEASURES. This facility may now or in the future use various access control measures, including but not limited to automatic gate and cameras (real or not), designed to deter unauthorized access to the facility. However, Occupant acknowledges these access control measures are solely for the benefit of Owner and Owner’s property and not for security of Occupant’s unit or belongings. These access measures may fail or be circumvented. Owner does not warranty or guarantee the effectiveness of measures undertaken to prohibit unauthorized access.
ACCESS CONTROL MEASURES. This FACILITY utilizes various access control measures designed to deter unauthorized access to the FACILITY. However OCCUPANT acknowledges these access control measures may be circumvented or may fail and the OWNER does not warranty or guarantee the effectiveness of the measures undertaken to prohibit unauthorized access.
ACCESS CONTROL MEASURES. 2.2.1 Defined process for (largely centralized) assignment of user IDs and access authorizations when new employees are hired and when employees leave the company or in the event of organizational changes.
2.2.2 User profiles are created by the technical management.
2.2.3 User permissions are managed by the technical management.
2.2.4 Screens are locked when the user is inactive, after 10 minutes
2.2.5 Passwords are created according to the guidelines for secure passwords
2.2.6 The following measures are taken in case of loss, forgetting or spying of a password: ☒ Admin assigns new initial password ☒ Passwords for other systems are renewed, unless covered by central access
2.2.7 Authentication for remote access is performed by Authentication with ☒ User name ☒ Password ☒ 2 Factor Authorization ☒ via VPN
2.2.8 The systems are protected by a firewallThis is updated regularly: ☒ yes ☐ noIt is administered by ☒ own IT ☐ external service provider
2.2.9 Data carriers are encrypted
ACCESS CONTROL MEASURES. Yes No Are access rights for privileged user IDs restricted to least privileges necessary to perform job responsibilities? Yes No Are all paper and electronic media that contain cardholder data physically secure? Yes No Is strict control maintained over the internal or external distribution of any kind of media that contains cardholder data? Yes No Is the media classified so it can be identified as confidential? Yes No Is the media sent by secured courier or other delivery method that can be accurately tracked? Yes No Are processes and procedures in place to ensure management approval is obtained prior to moving any and all media containing cardholder data from a secured area (especially when media is distributed to individuals)? Yes No Is strict control maintained over the storage and accessibility of media that contains cardholder data? Yes No Is media containing cardholder data destroyed when it is no longer needed for business or legal reasons? Yes No Are hardcopy materials cross-shredded, incinerated, or pulped so that cardholder data cannot be reconstructed? Yes No Are containers that store information to be destroyed secured to prevent access to the contents? (For example, a “to-be-shredded” container has a lock preventing access to its contents.) I, , on this day of , 20 , agree to follow the standards outlined in C-13 of the Accounting and Administrative Manual and adhere to all security standards in order to maintain PCI compliance. Furthermore, I understand that failure to maintain the above standards may result in the suspension of credit card processing privileges. Printed Name Signature Date Department: Phone: