Physical Controls. Server and mass storage systems storing Intel Classified information must be housed in a physically secure location with access controls to the granularity of the user (e.g. card access controlled room) and with 24x7 intrusion detection systems in place (e.g. a monitored perimeter alarm system). Access control audit trails must be maintained sufficient to support an investigation.
Physical Controls. Cloud Data Center - Amazon Web Services runs in data centers managed and operated by Amazon. These geographically dispersed data centers comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. The data centers are managed, monitored, and administered by AWS operations staff. The operations staff has years of experience in delivering the world’s largest online services with 24 x 7 continuity. For additional information, please refer to: xxxxx://xxx.xxxxxx.xxx/compliance/data-center/controls/ Access Personal Data collected from Data Subjects by Plannuh is protected by encryption and/or multi- factor authentication. Plannuh will only allow employees and contingent workers with a business purpose to have access to such data if it is required for them to complete their professional duties. Business Continuity, Disaster Recovery Plannuh has implemented and documented appropriate business continuity and disaster recovery plans to enable it to continue or resume providing Services in a timely manner after a disruptive event. Plannuh regularly tests and monitors the effectiveness of its business continuity and disaster recovery plans. Network Security All data is protected by encryption in transit over open, public networks. Data at rest is protected by encryption or compensating security controls. Portable Devices Plannuh will not store Personal Data on any portable computer devices unless it is encrypted in accordance with then current industry best practice. Monitoring Plannuh takes appropriate steps to monitor the security of Personal Data.
Physical Controls. Institute Members shall restrict access to paper and electronic records to prevent unauthorized access to information or records classified as confidential or proprietary or trade secrets; and limit access to only those employees who are duly approved, or cleared, to see them on a need-to-know basis. Institute Members shall implement protocols for proper labeling of records (e.g., with a stamp such as confidential or proprietary or trade secret) or using special colored folders (e.g., red or orange), and keep such marked records physically isolated or segregated in a secure area or in locked filing cabinets. In general, the labels should provide brief but clear direction to the user on how to handle the information. Proper access control through appropriate authorization and accountability and tracking system for employees provided access to confidential information is required. Other recommended physical controls may include (without limitation), defining where confidential proprietary information will be stored and avoiding moving such information from location to location; maintenance of access logs; and prohibiting cameras, phones with photographic capabilities, and/or other copying devices in the presence of such information.
Physical Controls. Policies and procedures to safeguard the facilities and equipment that house Personal Data against unauthorized physical access, theft or destruction; Procedures to control and validate access to facilities that house Personal Data based on role/function, including visitor control; Physical safeguards for all workstations that access Personal Data to restrict access from authorized users; and Permanently destroying or removing Personal Data from hardware prior to final disposition. Technical Controls Policies and procedures to limit access rights based on the principle of least privilege; User access controls that address timely provisioning and de-provisioning of user accounts; Workstations that are set to lock automatically after a set period of inactivity; Encryption at rest and in transit of Personal Data; Industry standard anti-malware software used on all endpoints with behavioral based protection against ransomware and other exploits; Procedures to ensure that all security patches are applied in a timely manner; Operating system and application patches and updates pushed regularly; Network segregation including but not limited to the separation of all Hyland Personal Data stored by Service Provider; and Service Providers that store Hyland Personal Data shall also maintain an external audit program, tested at least annually.
Physical Controls a. Control physical access to all facilities and information processing areas with Confidential Information to ensure only authorized persons with unique, identifiable authorization credentials are permitted access to such facilities;
Physical Controls. Control on nonconforming product pending action must be in accordance with the "MIM Procedure". Positive controls will be established to prevent future processing of nonconforming product until the MRB action is completed.
Physical Controls. Are measures designed to prevent unauthorized physical access to equipment, facilities, material, information, and documents. Physical resources include but are not limited to desktop computers, portable computers, personal information devices, and printers. Rooms containing system hardware and software such as local area network rooms or telephone closets should be secured to ensure that they are accessible to authorized personnel only. Safeguards should be in place to protect food instruments. The Local Agency Grant Agreement and the Service Level Agreement identify specific guidance local agencies must follow to address physical security.
Physical Controls. Supplier will maintain physical controls designed to secure relevant facilities, including layered controls covering perimeter and interior barriers, individual physical access controls, strongly- constructed facilities, suitable locks with key management procedures, access logging, and intruder alarms/alerts and response procedures.
Physical Controls. Physical access to the IgnitionOne premises is controlled through a key card controlled entry gate. Any non-employees entering the premises are required to register themselves at a manned reception desk before being granted access to the premises.
Physical Controls. Off-site backups - Certain critical data are backed up onto physically secured devices and stored off-site. Infrastructure hosted and secured by Amazon Web Services - data importer infrastructure to deliver services is hosted by Amazon Web Services and includes physical measures designed to protect against fire, flood, power interruption, and sabotage. ANNEX III List of Subprocessors Please see xxxxx://xxx.xxxxxxxxxx.xxx/privacy_notice.html SCHEDULE 2 – ADDITIONAL SCC PROVISIONS BASED ON EUROPEAN DATA PROTECTION BOARD RECOMMENDATIONS 01/2020