Common use of Physical Access Controls Clause in Contracts

Physical Access Controls. Physical access controls/security measures at Provider’s facilities/premises are designed to meet the following requirements: (a) Access to Provider’s buildings, facilities, and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the Provider. Only personnel associated with Provider are given access to Provider’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization. (b) Relevant Provider facilities are secured by an access control system. Access to such facilities is granted with an activated card only. (c) All persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., a badge or keycard assigned to one individual) by the IS function. Individuals issued unique physical access credentials are instructed not to allow or enable other individuals to access the Provider’s facilities or resources using their unique credentials (e.g., no “tailgating”). Temporary (up to fourteen (14) days) credentials may be issued to individuals who do not have active identities where this is necessary: (i) for access to a specific facility, and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her credentials upon request, he/she may be denied entry to Provider’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative. (d) Employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, and documents in a secure location (especially while traveling), and log out or shut down their computers when away from their desk. (e) Visitors who require access to Provider’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, visitors are not allowed un-escorted access to restricted or controlled areas. (f) Select Provider facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted. (g) Locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data. (h) For Provider’s major data centers, security guards, UPS, and generators, and change control standards are available. (i) For software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.

Physical Access Controls. Physical access controls/security measures at Providerdata importer’s facilities/premises are designed to meet the following requirements: (a) Access access to Providerdata importer’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the Providerdata importer. Only personnel associated with Provider data importer are given provided access to Providerdata importer’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant data importer facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the Providerdata importer’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) 14 days) credentials may be issued to individuals who do not have active identities where this is necessary: necessary (i) for access to a specific facility, facility and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her their credentials upon request, he/she request they may be denied entry to Providerdata importer’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk.; (e) Visitors visitors who require access to Providerdata importer’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, building and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, company proprietary information visitors are not allowed un-escorted access to restricted or controlled areas.; (f) Select Provider select data importer facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted.; (g) Locked locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data.personal data; (h) For Providerfor data importer’s major data centerscentres, security guards, UPS, UPS and generators, and change control standards are available.; (i) For for software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.

Physical Access Controls. Physical access controls/security measures at ProviderArista’s facilities/premises are designed to meet the following requirements: (a) Access access to ProviderArista’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the ProviderArista. Only personnel associated with Provider Arista are given provided access to ProviderArista’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant Arista facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard key card assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the ProviderArista’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) 14 days) credentials may be issued to individuals who do not have active identities where this is necessary: necessary (i) for access to a specific facility, facility and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her their credentials upon request, he/she request they may be denied entry to ProviderArista’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk.; (e) Visitors visitors who require access to ProviderArista’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, building and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, company proprietary information visitors are not allowed un-escorted access to restricted or controlled areas.; (f) Select Provider select Arista facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted.; (g) Locked locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data.personal data; (h) For Providerfor Arista’s major data centerscentres, security guards, UPS, UPS and generators, and change control standards are available.; (i) For for software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.

Physical Access Controls. Physical access controls/security measures at ProviderExpel’s facilities/premises are designed to meet the following requirements: (a) Access access to ProviderExpel’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the ProviderExpel. Only personnel associated with Provider Expel are given provided access to ProviderExpel’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant Expel facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard key card assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the ProviderExpel’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) days) credentials may be issued to individuals who do not have active identities where this is necessary: (i) for access to a specific facility, and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her their credentials upon request, he/she they may be denied entry to ProviderExpel’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk.; (e) Visitors visitors who require access to ProviderExpel’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, building and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, company proprietary information visitors are not allowed un-escorted access to restricted or controlled areas.; (f) Select Provider select Expel facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted.; (g) Locked locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data.personal data; (h) For Providerfor Expel’s major data centerscentres, security guards, UPS, UPS and generators, and change control standards are available.; (i) For for software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.

Physical Access Controls. Physical access controls/security measures at Providerdata importer’s facilities/premises are designed to meet the following requirements: (a) Access access to Providerdata importer’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the Providerdata importer. Only personnel associated with Provider data importer are given provided access to Providerdata importer’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant data importer facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the Providerdata importer’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) 14 days) credentials may be issued to individuals who do not have active identities where this is necessary: necessary (i) for access to a specific facility, facility and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her their credentials upon request, he/she request they may be denied entry to Providerdata importer’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk. (e) Visitors who require access to Provider’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, visitors are not allowed un-escorted access to restricted or controlled areas. (f) Select Provider facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted. (g) Locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data. (h) For Provider’s major data centers, security guards, UPS, and generators, and change control standards are available. (i) For software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.;

Physical Access Controls. Physical access controls/security measures at ProviderArista’s facilities/premises are designed to meet the following requirements: (a) Access access to ProviderArista’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the ProviderArista. Only personnel associated with Provider Arista are given provided access to ProviderArista’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant Arista facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard key card assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the ProviderArista’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) 14 days) credentials may be issued to individuals who do not have active identities where this is necessary: necessary (i) for access to a specific facility, facility and (ii) for valid business needs. Unique credentials are non-non- transferable and if an individual cannot produce his/her their credentials upon request, he/she request they may be denied entry to ProviderArista’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk.; (e) Visitors visitors who require access to ProviderArista’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, building and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, company proprietary information visitors are not allowed un-escorted access to restricted or controlled areas.; (f) Select Provider select Arista facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted.; (g) Locked locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data.personal data; (h) For Providerfor Arista’s major data centerscentres, security guards, UPS, UPS and generators, and change control standards are available.; (i) For for software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.

Physical Access Controls. Physical access controls/security measures at ProviderVendor’s facilities/premises are designed to meet the following requirements: (a) Access access to ProviderVendor’s buildings, facilities, facilities and other physical premises shall be controlled and based upon business necessity, sensitivity of assets and the individual’s role and relationship to the ProviderVendor. Only personnel associated with Provider Vendor are given provided access to ProviderVendor’s facilities and physical resources in a manner consistent with their role and responsibilities in the organization.; (b) Relevant Provider relevant Vendor facilities are secured by an access control system. Access to such facilities is granted with an activated card only.; (c) All all persons requiring access to facilities and/or resources are issued with appropriate and unique physical access credentials (e.g., e.g. a badge or keycard key card assigned to one individual) by the IS function. Individuals issued with unique physical access credentials are instructed not to allow or enable other individuals to access the ProviderVendor’s facilities or resources using their unique credentials (e.g., e.g. no “tailgating”). Temporary (up to fourteen (14) days) credentials may be issued to individuals who do not have active identities where this is necessary: (i) for access to a specific facility, and (ii) for valid business needs. Unique credentials are non-transferable and if an individual cannot produce his/her their credentials upon request, he/she they may be denied entry to ProviderVendor’s facilities or escorted off the premises. At staffed entrances, individuals are required to present a valid photo identification or valid credentials to the security representative upon entering. Individuals who have lost or misplaced their credentials or other identification are required to enter through a staffed entrance and be issued a temporary badge by a security representative.; (d) Employees employees are regularly trained and reminded to always carry their credentials, store their laptops, portable devices, devices and documents in a secure location (especially while traveling), ) and log out or shut down their computers when away from their desk.; (e) Visitors visitors who require access to ProviderVendor’s facilities must enter through a staffed and/or main facility entrance. Visitors must register their date and time of arrival, time of leaving the building, building and the name of the person they are visiting. Visitors must produce a current, government issued form of identification to validate their identity. To prevent access to, or disclosure of, Personal Data, company proprietary information visitors are not allowed un-escorted access to restricted or controlled areas.; (f) Select Provider select Vendor facilities use CCTV monitoring, security guards and other physical measures where appropriate and legally permitted.; (g) Locked locked shred bins are provided on most sites to enable secure destruction of confidential information/Personal Data.personal data; (h) For Providerfor Vendor’s major data centerscentres, security guards, UPS, UPS and generators, and change control standards are available.; (i) For for software development and infrastructure deployment projects, the IS function uses a risk evaluation process and a data classification program to manage risk arising from such activities.