Physical Security. Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to:
A. Secure all areas of Contractor facilities where personnel assist in the administration of the Medi-Cal program and use or disclose Medi-Cal PII. The Contractor shall ensure that these secure areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and access to premises is by official identification.
B. Ensure that there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at Contractor facilities and leased facilities where a large volume of Medi-Cal PII is stored.
C. Issue Contractor personnel who assist in the administration of the Medi-Cal program identification badges and require County Workers to wear the identification badges at facilities where Medi-Cal PII is stored or used.
D. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks or locked offices in facilities which are multi-use (meaning that there are personnel other than contractor personnel using common areas that are not securely segregated from each other.) The contractor shall have policies which indicate that Contractor and their personnel are not to leave records with Medi-Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airlines.
E. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.
Physical Security. BNY Mellon will deploy perimeter security such as barrier access controls around its facilities processing or storing Customer Data. The ISP will include (i) procedures for validating visitor identity and authorization to enter the premises, which may include identification checks, issuance of identification badges and recording of entry purpose of visit and (ii) physical security policies for personnel, such as a “clean desk” policy. In accordance with its ISP and applicable law, BNY Mellon will install closed circuit television (“CCTV”) systems and CCTV recording systems to monitor and record access to controlled areas, such as data centers and server rooms.
Physical Security. IBM maintains physical security standards designed to restrict unauthorized physical access to IBM data centers. Only limited access points exist into the data centers, which are controlled by two-factor authentication and monitored by surveillance cameras. Access is allowed only to authorized staff that have approved access. Operations staff verifies the approval and issues an access badge granting the necessary access. Employees issued such badges must surrender other access badges and can only possess the data center access badge for the duration of their activity. Usage of badges is logged. Non- IBM visitors are registered upon entering on premises and are escorted when they are on the premises. Delivery areas and loading docks and other points where unauthorized persons may enter the premises are controlled and isolated.
Physical Security. You agree to implement and maintain reasonable physical security for all managed hardware and related devices in your physical possession or control. Such security measures must include (i) physical barriers, such as door and cabinet locks, designed to prevent unauthorized physical access to protected equipment, (ii) an alarm system to mitigate and/or prevent unauthorized access to the premises at which the protected equipment is located, (iii) fire detection and retardant systems, and (iv) periodic reviews of personnel access rights to ensure that access policies are being enforced, and to help ensure that all access rights are correct and promptly updated.
Physical Security. Access Control;
Physical Security. The Contractor shall be responsible for safeguarding all government equipment, information and property provided for Contractor use or purchased by the Contractor under this task order.
Physical Security. Client is responsible for the physical security of its on-premises hardware and software systems.
Physical Security. The County Department/Agency shall ensure Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to:
A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program and use, disclose, or store Pll.
B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following:
1. Properly coded key cards 2. Authorized door keys 3. Official identification
C. Issue identification badges to County Workers.
D. Require County Workers to wear these badges where Pll is used, disclosed, or stored.
E. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked.
F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll is used, disclosed, or stored. Video surveillance systems are recommended.
G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall be escorted at all times by authorized County Workers.
H. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities.
I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall...
Physical Security. Fit appropriate locks or other physical controls to the doors and windows of rooms where computers are kept. Physically secure unattended lap tops (for example, by locking them in a secure drawer or cupboard). Ensure you control and secure all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets. Destroy or remove all business-critical information from media such as CDs, and floppy disks before disposing of them. Ensure that all business-critical information is removed from the hard drives of any used computers before disposing of them. Store back-ups of business-critical information either off-site or in a fire and water-proof container.
Physical Security. Individual delivery orders will specify contractor rights of entry to and exit from government facilities as required for performance of work under this contract. Contractor employees shall comply with all applicable directives and policies regarding conduct of personnel and operation of the facility. The Government reserves the right to require Contractor personnel to "sign-in" upon entry to and "sign-out" upon exit from any government facility. The Contractor shall secure and protect all Contractor-owned and Contractor employee- owned personal property and equipment brought into government facilities during performance of work under this contract. The Government shall not be held liable for loss of or damage to Contractor-owned or Contractor employee-owned personal property or equipment brought into government facilities. The Contractor shall remove any Contractor- owned or Contractor employee-owned personal property deemed inappropriate by the Government, for any reason, from the government facility in which it is found. Delivery orders will provide any restrictions regarding the need for contractor employees to be United States citizens, legal residents of the United States, or aliens authorized temporary employment in the United States before they can be employed under this contract. The delivery order will also provide instructions for any requirements for non-disclosure agreements such as the "Commitment to Protect Non-Public Information – Contractor Employee Agreement" form available at xxxxx://xxxx.xxx.xxx/aboutus/publicinfosecurity/acquisition/Documents/Nondisclosure.pdf The Contractor will be held liable for any inappropriate disclosure of information/data by its employees or via any system used by the Contractor. Should the Contractor become aware of the need for additional safeguards, it must notify the COR immediately.
