Common use of Physical Access Control Clause in Contracts

Physical Access Control. Physical access to the main entrance of the HWD building as well as to all side entrances is restricted by a fence. The doors and gates of the fenced area are closed by default and can only be opened by HWD staff on site with transponders. Additionally, the main gate and the main entrance of the fenced area can be opened by HWD Network Operation Center (NOC) staff via doorbell and connected manual opening function. All access paths to the building entrances of HWD are protected by video surveillance. The NOC staff have a 24/7 live visual display of all camera footage on screens in the NOC dedicated to that purpose. Access ways to the building are by default closed and can only be opened from the outside with secu- rity keys. Building access is monitored around the clock by qualified staff on the central reception desk/ NOC, and each staff, customer, or supplier has to register at the central reception desk. Upon regis- tering, visitors receive a visitor pass, which must be returned upon leaving the building. Visitors are instructed about the house rules upon visiting. Visitors have to either have the authorization to register themselves, or otherwise be authorized by persons with the appropriate authorization level to authorize others for registration. The identity of visitors has to be confirmed with a valid photo identification card. Visitors are personally escorted by staff into the building from the reception area. Organizational proce- dures and rules ensure that strangers should never stay or move within the building unattended. Access to the data center footprint is protected by an access control system and unaccompanied ac- cess only possible for HWD staff. For the data center “Am Mittelfelde 29” this access control has been implemented with 2-factor-authentication. Access is logged. Access logs and video footage is checked daily by HWD staff. Outside business hours the premises are controlled by an alarm system according to VDE standard. System alerts are monitored by a security service, and a documented intervention plan is followed. Ad- ditionally, all technical premises, access paths, as well as the perimeter defense, are video surveilled. Notably, all data center footprint is video surveilled, which is additionally supported by motion sensors.

Physical Access Control. Physical All offices are secured with electronic door access control mechanisms • Reception staff are available during working hours to monitor visitors • Zoning in place (Areas of the office are restricted to certain individuals) • Visitor books/sign in sheets used • Lockable cupboards/drawers provided to store sensitive information • Staff given security awareness training which includes responsibility to physical security of offices • Where reasonable swipe card access to the main entrance of the HWD building as well as to all side entrances office is restricted by to certain working hours • Swipe cards are de-activated after employees have left the organisation • Paper waste bins are locked • Servers storing sensitive data are contained within physically lockable server racks • Permission groups are created to enforce access control • Access is provided to data through a fence. The doors formal process, involving a dedicated account admin team to provision access rights (separation of duties) • Access requests are logged to ensure traceability of access changes • Access to information is role-based, where a need to access that data for their role should have been established • Significant changes/modifications to systems containing sensitive data are managed via a formal change management process which requires approval for system changes • Data encryption is used in transit and gates of at rest (where deemed reasonable), to prevent unauthorised modification or access to data • Networks containing sensitive data are reasonably protected with firewalls, network and host-based intrusion detection/prevention software • Antivirus is appropriately used to protect information systems • Regular penetration tests and vulnerability scanning are performed on the fenced area relevant IT systems to test if data could be read, copied, altered or removed without authorisation • Appropriate action is taken to remediate findings from penetration tests and vulnerability scanning • Security-related events are closed by default logged and can only be opened by HWD staff monitored to identify unauthorised access to information (Security Information and Event Management tool) • Network segregation – information systems are placed on site with transponders. Additionallyseparate network domains to restrict access to certain data e.g. testnet (test environment), the main gate prodnet (production environment), CSUK (UK environment) • Where possible sensitive data is stored separately from internet-facing systems • Staff are educated around information classification and the main entrance need to apply stricter handling with information marked as sensitive • Emails are blocked from being sent with large file sizes to prevent unauthorised disclosure of certain sensitive information hereinafter “data exporter” and the fenced area can be opened by HWD Network Operation Center (NOC) staff via doorbell and connected manual opening function. All access paths to the building entrances of HWD are protected by video surveillance. The NOC staff have Customer a 24/7 live visual display of all camera footage on screens company incorporated in the NOC dedicated to that purpose. Access ways to the building are by default closed and can only be opened from the outside with secu- rity keys. Building access is monitored around the clock by qualified staff on the central reception desk/ NOC, and each staff, customer, or supplier has to register ……………………………… under registered number ……………at the central reception deskregistered address ………………………………………………………………………. Upon regis- tering, visitors receive a visitor pass, which must be returned upon leaving the building. Visitors are instructed about the house rules upon visiting. Visitors have to either have the authorization to register themselves, or otherwise be authorized by persons with the appropriate authorization level to authorize others for registration. The identity of visitors has to be confirmed with a valid photo identification card. Visitors are personally escorted by staff into the building from the reception area. Organizational proce- dures and rules ensure that strangers should never stay or move within the building unattended. Access to the hereinafter “data center footprint is protected by an access control system and unaccompanied ac- cess only possible for HWD staff. For the data center “Am Mittelfelde 29” this access control has been implemented with 2-factor-authentication. Access is logged. Access logs and video footage is checked daily by HWD staff. Outside business hours the premises are controlled by an alarm system according to VDE standard. System alerts are monitored by a security service, and a documented intervention plan is followed. Ad- ditionally, all technical premises, access paths, as well as the perimeter defense, are video surveilled. Notably, all data center footprint is video surveilled, which is additionally supported by motion sensors.importer”

Physical Access Control. Physical access to the main entrance of the HWD building KYB buil- ding as well as to all side entrances is restricted by a fence. The doors and gates of the fenced area are closed clo- sed by default and can only be opened by HWD KYB staff on site with transponders. Additionally, the main gate and the main entrance of the fenced area can be opened by HWD KYB Network Operation Center (NOC) staff via doorbell door- bell and connected manual opening function. All access paths to the building entrances of HWD KYB are protected by video surveillance. The NOC staff have a 24/7 live visual display of all camera footage on screens in the NOC dedicated to that purpose. Access ways to the building are by default closed and can only be opened from the outside with secu- rity security keys. Building access is monitored around the clock by qualified quali- fied staff on the central reception desk/ NOC, and each staff, customer, or supplier has to register at the central reception desk. Upon regis- teringregistering, visitors receive a visitor visi- tor pass, which must be returned upon leaving the buildingbuil- ding. Visitors are instructed about the house rules upon visiting. Visitors have to either have the authorization to register themselves, or otherwise be authorized by persons per- sons with the appropriate authorization level to authorize authori- ze others for registration. The identity of visitors has to be confirmed with a valid photo identification card. Visitors Vi- sitors are personally escorted by staff into the building from the reception area. Organizational proce- dures procedures and rules ensure that strangers should never stay or move within the building unattended. Access to the data center footprint is protected by an access control system and unaccompanied ac- cess access only possible for HWD KYB staff. For the data center “Am Mittelfelde Mittelfel- de 29” this access control has been implemented with 2-factor-authentication. Access is logged. Access logs and video footage is checked daily by HWD KYB staff. Outside business hours the premises are controlled by an alarm system according to VDE standard. System Sys- tem alerts are monitored by a security service, and a documented intervention plan is followed. Ad- ditionallyAdditionally, all technical premises, access paths, as well as the perimeter pe- rimeter defense, are video surveilled. Notably, all data center footprint is video surveilled, which is additionally supported by motion sensors.