Physical and Environmental Security Policy. Physical and environmental security plans must exist for facilities and scenarios involving access or storage of Customer Data. Additional physical and environmental controls must be required and enforced for applicable facilities, including servers and datacenter locations.
Physical and Environmental Security Policy. The Supplier shall (and shall ensure that its Subcontractors shall) implement a policy identifying the requirements for physical access and control of such access of its Sites (or those of the Subcontractor from where Services are provided). Without prejudice to any of Lloyd’s’ remedies, sanctions against Supplier and Subcontractor staff for breaches of security requirements shall be governed by the Supplier’s or the Subcontractor's disciplinary policy as appropriate. Physical site If a new site is to be selected, Lloyd’s Service Manager should be included as part of the initial assessment and approval team. The Supplier will not perform the Services from other locations without obtaining the prior written consent of Lloyd’s, and any relocation will be approved (which cannot be unreasonably withheld) by and implemented at no additional cost to Lloyd’s (unless any relocation is due to a specific request from Lloyd’s) and without causing any material disruption to the business of Lloyd’s or the Services. Site Changes Significant changes to sites processing Lloyd’s Information must be approved by Lloyd’s Service Manager.