Physical and Environment Security. Entrust facilities hosting technology information assets are equipped with appropriate controls to restrict physical access to the facility. Physical entry controls include a means to identify personnel and visitors, and ensure the individual is authorized to access the secured area prior to entry. All entry to secured areas are logged and logs are reviewed periodically. Personnel are informed of, and subject to, the guidelines established for working within secured areas. Access points such as delivery or loading areas, and other points where unauthorized persons may enter the facility, are controlled to restrict further entry, and, to the extent it is practical, isolated from information processing areas. Physical security measures include the capability to monitor company facilities to detect unauthorized or unlawful use. Entrust has a physical security plan that incorporates a defined procedure to report suspicious activity, identified security weaknesses, or potential security events, as well as an escalation procedure to communicate events to local law enforcement as appropriate. Facility staff and visitors are informed regarding these physical security procedures and their responsibility to report security events. Information to be transferred shall at all times be properly secured, in accordance with its classification, regardless of the media employed to carry the information or the transmission mechanism. All information to be transferred shall be subject to inspection for malicious software code and other potential hazards to confidentiality, integrity or availability. When the use of encryption is required for safekeeping, such use shall be subject to all applicable security controls as well as legal or regulatory requirements. Information to be transferred shall be subject to established retention and disposal requirements. Information transfer facilities shall comply with all applicable laws and regulations. Information and software shall not be transferred with external parties until all relevant contractual and security requirements are satisfied, including formal written agreements where required.
Appears in 4 contracts
Samples: Data Processing Addendum, End User License Agreement, Data Processing Addendum