Physical Security Requirements. The minimum security requirements are as follows:
Physical Security Requirements. 1. SSA must store all NDNH information provided pursuant to this agreement in an area that is physically safe from access by unauthorized persons at all times. OCSE stores the agency finder file provided pursuant to this agreement in an area that is physically safe from access by unauthorized persons at all times. Policy/Requirements Traceability: HHS OCIO Policy for IS2P Handbook, PE; NIST SP 800-53 Rev 4, XX-0, XX-0
2. SSA shall maintain a list of personnel authorized to access facilities and systems processing sensitive data, including NDNH information. SSA shall control access to facilities and systems wherever sensitive information is processed. Designated officials shall review and approve the access list and authorization credentials initially and periodically thereafter, but no less often than annually. OCSE maintains lists of personnel authorized to access facilities and systems processing sensitive information. OCSE controls access to facilities and systems wherever sensitive information is processed. Designated officials review and approve the access list and authorization credentials initially and periodically thereafter, but no less often than annually. Policy/Requirements Traceability: HHS OCIO Policy for IS2P Handbook, PE; NIST SP 800-53 Rev 4, AC-2, PE-2
3. SSA shall label printed reports containing NDNH information that denote the level of sensitivity of the information and limitations on distribution. SSA shall maintain printed reports in a locked container when not in use and never transport NDNH information off SSA premises. When no longer needed, in accordance with the retention and disposition requirements in the agreement, SSA shall destroy these printed reports by burning or shredding. OCSE does not generate printed reports containing the agency finder file information. Policy/Requirements Traceability: HHS OCIO Policy for Information Systems Security and Privacy (IS2P) Handbook, MP, MS; NIST SP 800-53 Rev 4, MP-3, MP-4, MP-5, MP-6
4. SSA shall use locks and other protective measures at all physical access points (including designated entry/exit points) to prevent unauthorized access to computer and support areas containing NDNH information. OCSE uses locks and other protective measures at all physical access points (including designated entry/exit points) to prevent unauthorized access to computer and support areas. Policy/Requirements Traceability: HHS OCIO Policy for IS2P Handbook, PE; NIST SP 800-53 Rev 4, PE-3
Physical Security Requirements. Paragraphs 12.14 and 12.15 shall not be construed to require REMEC to violate any existing governmental rules or regulations for purposes of giving SpectraPoint access to its facilities.
Physical Security Requirements. Qualcomm will control and manage the access control devices and CCTV systems in the ODC space that is physically and logically separate from the Service Provider’s general systems. The Service Provider must provide a list of employees that require access to the °DC to complete their job duties for Qualcomm’s approval and authorization. When needed, Qualcomm reserves the right to re-key any applicable entry doors to the ODC space that would override the access control system. Qualcomm reserves the right to require, maintain, and control additional reasonable physical and logical security controls for the UDC during the term of the agreement. Additional controls will be implemented at Qualcomm’s expense, unless the additional controls are a direct result non-compliance with the provisions of this agreement, in which case the Service Provider will be responsible for the cost.
Physical Security Requirements. The router, Ethernet connection and/or dial-up phone connection is to be physically secured from tampering. If the equipment is located in a shared facility, the equipment shall be enclosed in a locked cabinet (for example, Xxxxxxx part number CTD364812 or equivalent).
Physical Security Requirements. Vendor shall perform the Services in an environment mutually agreed upon by Company and Vendor and in compliance with Company’s commercially reasonable requests and applicable law. The aforementioned environment may include, but is not limited to, a request by Company for Vendor to provide a secure or physically segregated area in which to perform the Services. Vendor agrees that compliance with any commercially reasonable requests shall not be unreasonably withheld. The parties agree to meet and review the physical security of the APAC sites where the services are performed or will be performed, and agree to develop a Security Standards document which will be mutually acceptable to both parties. Such review and document completion will be completed no later than April 1, 2005. Only those employees of Vendor who are assigned to perform the Services hereunder or who have a valid business reason for being there shall be allowed access to the portion of the Call Center where the Services (the “Restricted Area”) are being performed. Each employee of Vendor authorized to access the Restricted Area will have a unique identification badge which will clearly identify them as an authorized employee of Vendor. For purposes of this Agreement the term “valid business reason” shall relate to (a) the management of the call center, or (b) related to the Company project as set forth on the applicable Project Schedule. If required by law, or upon mutual agreement by Company and Vendor, any area where potentially regulated pharmacy services will be performed shall be designated as a “Pharmacy,” and as such, access shall only be gained with the consent of and accompanied by either the DPP or the DPP’s designee, which shall be, at a minimum, a Pharmacist. No employee of Vendor shall have a key to a Pharmacy without the DPP’s consent.
