Physical Security Controls. Vendor must document and maintain adequate:
a) Physical security controls over all vendor facilities where AXP Data is filed or stored. * .
c) Security and environmental controls over * , which will be used in conjunction with AXP Data, including restricting access to only approved staff.
Physical Security Controls. RevComm monitors the entry and exit of employees, restricts equipment, etc. brought into areas where Personal Data is processed, and prevents unauthorized persons from browsing Personal Data. RevComm takes actions to prevent the theft or loss, etc. of equipment holding Personal Data, electronic media and documents, etc. and implements measures to avoid Personal Data from being easily found when carrying such equipment or electronic media, etc., including moving within an office.
Physical Security Controls. Sirion has implemented information security controls around the physical security of its offices. A customer’s data is stored on the Sirion platform which is hosted in Third Party Cloud Service Providers (CSPs) like, AWS, Azure, etc. As part of their shared responsibility, these CSPs provide physical security of data centers as a managed service to Sirion. Sirion relies on the security controls of these CSPs that are complaint with the ISO 27001, SOC 1, SOC 2 requirements. Sirion uses the CSP’s reports to draws assurance over CSP controls and for evaluating any risks from CSPs to Sirion services to its customers. Sirion uses a Web Application Firewall (WAF) to protect against common web exploits that may affect availability and compromise security. AWS Security Groups (Firewall), Network Intrusion Detection Systems (NIDS), Denial of Service (DoS) Protection, are also implemented to control all inbound and outbound traffic while ensuring network security. The Security Groups restrict traffic by protocol, service port and IP address.
Physical Security Controls. 3.1 Your locations where Upfield Personal Data is processed must be limited to Data Processor Personnel and authorized visitors. Visitor management process should be in place that requires visitors to wear an ID badge.
3.2 Reception areas must be manned or have other means to control physical access.
3.3 Documents that contain Upfield Personal Data must be kept secured when not in use.
3.4 Any back-up media containing Upfield Personal Data stored at your sites must be kept in a secure location with restricted physical access and be encrypted. If off-site media storage is used, you must have a media check-in/check-out process with locked storage for transportation.
Physical Security Controls. CSG shall have physical security controls in place to protect systems and facilities including:
(i) Limiting access to premises and facilities (including the general working areas and computer installations) to authorized individuals,
(ii) ensuring that all members of its workforce who require access to Consumer Information and Consumer Usage Data have appropriately controlled access,
(iii) to authenticate and permit access to Consumer Information and Consumer Usage Data only to authorized individuals,
(iv) Availability of adequate power,
Physical Security Controls. CSG shall have physical security controls in place to protect systems and facilities including:
(i) Limiting access to premises and facilities (including the general working areas and computer installations) to authorized individuals,
(ii) ensuring that all members of its workforce who require access to Consumer Information and Consumer Usage Data have appropriately controlled access,
(iii) to authenticate and permit access to Consumer Information and Consumer Usage Data only to authorized individuals,
(iv) Availability of adequate power,
(v) Back up environmental controls such as Heat Ventilation and Air Conditioning systems, and
(vi) 24 x 7 monitoring to protect computer installations including video cameras at CSG’s production data centers (any request by Customer for CSG to install video surveillance in other areas, to the extent CSG has the authority to install such equipment, shall be subject to Customer’s payment (in advance) to CSG of CSG’s costs to acquire, install, operate and maintain such video surveillance equipment over a three year period; provided, however that in the event CSG’s third-party risk assessment indicates deficient CCTV coverage (i) with respect to PCI Standards or other applicable Law and (ii) in areas owned or controlled by CSG and for which CSG has the authority to install such equipment, then CSG will remediate such deficiencies at CSG’s own cost and expense),
(vii) maintaining policies and procedures that govern the receipt and removal of hardware and electronic media that contain Consumer Information and Consumer Usage Data into and out of a CSG facility, and the movement of these items within a CSG facility, including policies and procedures to address the final disposition of Consumer Information and Consumer Usage Data, and/or the hardware or electronic media on which it is stored, and procedures for removal of Consumer Information and Consumer Usage Data from electronic media before the media are made available for re-use.
Physical Security Controls. Contractor shall safeguard County PHI and/or County PII/PI from loss, theft, inadvertent disclosure, and therefore shall:
14.3.2.1 Ensure County PHI and/or County PII/PI is used and stored in an area that is physically safe from access by unauthorized persons during both working hours and nonworking hours;
14.3.2.2 Secure all areas of Contractor facilities where Contractor workers use or disclose County PHI and/or County PII/PI. The Contractor shall ensure that these secured areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or other access authorization, and access to premises is by official identification;
14.3.2.3 Issue workers who assist in the administration of County PHI and/or County PII/PI identification badges and require workers to wear badges at facilities where County PHI and/or County PII/PI is stored or used;
14.3.2.4 Ensure each location where County PHI and/or County PII/PI is used or stored has procedures and controls that ensure an individual whose access to the facility is terminated:
14.3.2.4.1 Is promptly escorted from the facility by an authorized employee; and
14.3.2.4.2 Immediately has their access revoked to any and all County PHI and/or County PII/PI.
14.3.2.5 Ensure there are security guards or a monitored alarm system twenty-four (24) hours a day, seven (7) days a week at facilities where County PHI and/or County PII/PI is stored;
14.3.2.6 Ensure data centers with servers, data storage devices, and critical network infrastructure involved in the use or storage of County PHI and/or County PII/PI have perimeter security and access controls that limit access to only authorized Information Technology Staff. Visitors to the data center area must be escorted by authorized IT staff at all times;
14.3.2.7 Store paper records with County PHI and/or County PII/PI in locked spaces in any facilities that are multi- use, meaning that there are County PHI and/or County PII/PI functions and Contractor functions in one building in work areas that are not securely segregated. The contractor shall have policies that state workers shall not leave records with County PHI and/or County PII/PI unattended at any time in cars or airplanes and shall not check County PHI and/or County PII/PI on commercial flights; and
14.3.2.8 Use all reasonable means to prevent non-authorized personnel and visitors from having access to, control of, or viewing County PHI and/or County PII/PI.
Physical Security Controls. In connection with any Facilities, Provider shall.
Physical Security Controls. In connection with any Facilities, Provider shall. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED FOR PORTIONS OF THIS EXHIBIT. THE COPY FILED HEREWITH OMITS THE INFORMATION SUBJECT TO A CONFIDENTIALITY REQUEST. OMISSIONS ARE DESIGNATED [ * * * ]. A COMPLETE VERSION OF THIS EXHIBIT HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION.
(i) [ * * * ]
(ii) [ * * * ]
(iii) [ * * * ]
(iv) [ * * * ]
(v) [ * * * ]
(vi) [ * * * ]
(vii) [ * * * ]
Physical Security Controls. Iron Mountain’s facilities utilise physical controls that reasonably restrict access to Customer Personal Data, including, as Iron Mountain deems appropriate, access control protocols, physical barriers such as locked facilities and areas, employee access badges, visitor logs, visitor access badges, card readers, video surveillance cameras, and intrusion detection alarms. All visitors must sign in and be escorted at all times.