Common use of Physical Security Clause in Contracts

Physical Security. The County Department/Agency shall ensure Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program and use, disclose, or store Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Pll is used, disclosed, or stored. E. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall be escorted at all times by authorized County Workers. H. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency shall have policies that indicate County Workers are not to leave records with PII unattended at any time in airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency Department shall ensure Medi-Cal Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency Department agrees to safeguard Medi-Cal Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency Department facilities where County Workers assist in the administration of their program Medi-Cal and use, disclose, or store Medi-Cal Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Medi-Cal Pll is used, disclosed, or stored. E. Ensure each physical location, where Medi-Cal PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency Department facilities and leased facilities where five hundred (500) 500 or more individually identifiable records of Medi-Cal Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall must be escorted at all times by authorized County Workers. H. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency Department and non-County Department/Agency Department functions in one building in work areas that are not securely segregated from each other. It is recommended that all Medi-Cal PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies that include, based on applicable factors that include, at a minimumrisk factors, a description of the circumstances under which the County Workers can transport Medi-Cal PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall must include provisions in its policies to ensure that provide the Medi-Cal PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit Medi-Cal PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency Department shall have policies that indicate County Workers are not to leave records with Medi-Cal PII unattended at any time in airplanes, buses, trains, etc., inclusive of including baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency shall ensure Pll PII is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program and use, disclose, or store PllPII. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Pll PII is used, disclosed, or stored. E. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll PII is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall be escorted at all times by authorized County Workers. H. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency DepartmenUAgency that chooses to permit its County Workers to leave records unattended in vehicles shall include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency shall have policies that indicate County Workers are not to leave records with PII unattended at any time in airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency Department shall ensure Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency Department agrees to safeguard Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency Department facilities where County Workers county staff assist in the administration of their program and use, disclose, or store Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workerscounty staff. D. Require County Workers county staff to wear these badges where Pll is used, disclosed, or stored. E. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency Department facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County Workerscounty staff. Visitors to the data center area shall must be escorted at all times by authorized County Workerscounty staff. H. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency Department and non-County Department/Agency Department functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency Department shall have policies that include, based on applicable factors that include, at a minimumrisk factors, a description of the circumstances under which the County Workers county staff can transport PII, as well as the physical security requirements during transport. A County Department/Agency Department that chooses to permit its County Workers county staff to leave records unattended in vehicles shall must include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency Department shall have policies that indicate County Workers county staff are not to leave records with PII unattended at any time in airplanes, buses, trains, etc., inclusive of including baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency Department shall ensure Medi-Cal Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency Department agrees to safeguard Medi-Cal Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency Department facilities where County Workers Workerscounty staff assist in the administration of their Medi-Caltheir program and use, disclose, or store Medi-Cal Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County WorkersWorkers.county staff. D. Require County Workers Workerscounty staff to wear these badges where Medi-Cal Pll is used, disclosed, or stored. E. Ensure each physical location, where Medi-Cal PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency Department facilities and leased facilities where five hundred (500) or more individually identifiable records of Medi-Cal Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County WorkersWorkers.county staff. Visitors to the data center area shall must be escorted at all times by authorized County WorkersWorkers.county staff. H. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency Department and non-County Department/Agency Department functions in one building in work areas that are not securely segregated from each other. It is recommended that all Medi-Cal PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency Department shall have policies that include, based on applicable factors that include, at a minimumrisk factors, a description of the circumstances under which the County Workers county staff can transport Medi-Cal PII, as well as the physical security requirements during transport. A County Department/Agency Department that chooses to permit its County Workers Workerscounty staff to leave records unattended in vehicles shall must include provisions in its policies to ensure that provideensure the Medi-Cal PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit Medi-Cal PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency Department shall have policies that indicate County Workers Workerscounty staff are not to leave records with Medi-Cal PII unattended at any time in airplanes, buses, trains, etc., inclusive of including baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency Contractor shall ensure Pll PII is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency Contractor agrees to safeguard Pll PII from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. a. Secure all areas of the County Department/Agency Contractor’s facilities where County Workers Contractor Staff assist in the administration of their program and use, disclose, or store PllPII. B. b. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. i. Properly coded key cards 2ii. Authorized door keys 3iii. Official identification C. c. Issue identification badges to County WorkersContractor Staff. D. d. Require County Workers Contractor Staff to wear these badges where Pll PII is used, disclosed, or stored. E. e. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. f. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency Contractor facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll PII is used, disclosed, disclosed or stored. Video surveillance systems are recommended. G. g. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County WorkersContractor Staff. Visitors to the data center area shall must be escorted at all times by authorized County WorkersContractor Staff. H. h. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are have multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. i. The County Department/Agency Contractor shall have policies that include, based on applicable factors that include, at a minimumrisk factors, a description of the circumstances under which the County Workers Contractor Staff can transport PII, as well as the physical security requirements during transport. A County Department/Agency Contractor that chooses to permit its County Workers staff to leave records unattended in vehicles shall must include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. j. The County Department/Agency Contractor shall have policies that indicate County Workers Contractor Staff are not to leave records with PII unattended at any time in airplanes, buses, trains, etc., inclusive of including baggage areas. This should be included in training due to the nature of the risk. K. k. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency LCSA shall ensure Medi-Cal Pll is used and stored in an area that is physically safe from access by unauthorized persons at all timesduring working hours and non-working hours. The County Department/Agency LCSA agrees to safeguard Medi-Cal Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency LCSA facilities where County LCSA Workers assist in the administration of their program use or disclose Medi-Cal Pll. The LCSA shall ensure these secured areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and use, disclose, or store Pllaccess to premises is by official identification. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification LCSA Workers badges to County Workers. D. Require County and require LCSA Workers to wear these badges at the LCSA facilities where Medi-Cal Pll is stored or used, disclosed, or stored. E. C. Ensure each physical location, where Medi-Cal PII is used, disclosed, used or stored, has procedures and controls that ensure an individual individual, who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. D. Ensure there are security guards or a monitored alarm system at all times with or without security cameras 24 hours a day, seven days a week at the County Department/Agency LCSA facilities and leased facilities where five hundred (500) or more individually identifiable records a large volume of Medi- Cal Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. E. Ensure data centers with servers, data storage devices, and/or and critical network infrastructure involved in the use, storage, and/or processing use or storage of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County WorkersInformation Technology (IT) staff. Visitors to the data center area shall must be escorted by authorized IT staff at all times by authorized County Workerstimes. H. F. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, desks or locked offices in facilities which are multi-use use, meaning that there are County Department/Agency LCSA and non-County Department/Agency non- LCSA functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency LCSA shall have policies that indicate County LCSA Workers are not to leave records with PII Medi-Cal Pll unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. G. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.

Physical Security. The County Department/Agency Department shall ensure Pll Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons at all timesduring working hours and non-working hours. The County Department/Agency Department agrees to safeguard Pll Medi-Cal PII from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency Department facilities where County Workers assist in the administration of their program Medi-Cal and useuse or disclose Medi-Cal PII. The County Department shall ensure these secured areas are only accessed by authorized individuals with properly coded key cards, disclose, authorized door keys or store Pllaccess authorization; and access to premises is by official identification. B. These areas shall be restricted to only allow access to authorized individuals by using one or more Issue County Workers, who assist in the administration of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue Medi-Cal identification badges to County Workers. D. Require and require County Workers to wear these badges at County Department facilities where Pll Medi-Cal PII is stored or used, disclosed, or stored. E. C. Ensure each physical location, where Medi-Cal PII is used, disclosed, used or stored, has procedures and controls that ensure an individual individual, who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. D. Ensure there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at all times at the County Department/Agency Department facilities and leased facilities where five hundred (500) or more individually identifiable records a large volume of Pll Medi- Cal PII is used, disclosed, or stored. Video surveillance systems are recommended. G. E. Ensure data centers with servers, data storage devices, and/or and critical network infrastructure involved in the use, storage, and/or processing use or storage of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County WorkersInformation Technology (IT) staff. Visitors to the data center area shall must be escorted by authorized IT staff at all times by authorized County Workerstimes. H. F. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, desks or locked offices in facilities which are multi-use use, meaning that there are County Department/Agency Department and non-County Department/Agency Department functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall include provisions in its policies to ensure that the PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency Department shall have policies that indicate County Workers are not to leave records with Medi- Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. G. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.

Physical Security. The County Department/Agency shall ensure Medi-Cal Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Medi-Cal Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program Medi-Cal and use, disclose, or store Medi-Cal Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Medi-Cal Pll is used, disclosed, or stored. E. Ensure each physical location, where Medi-Cal PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) 500 or more individually identifiable records of Medi-Cal Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall be escorted at all times by authorized County Workers. H. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all Medi-Cal PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport Medi-Cal PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall include provisions in its policies to ensure provide that the Medi-Cal PII is stored in a non-visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit Medi-Cal PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency shall have policies that indicate County Workers are not to leave records with Medi-Cal PII unattended at any time in airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.

Physical Security. The County Department/Agency shall ensure Medi-Cal Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Medi-Cal Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program Medi-Cal and use, disclose, or store Medi-Cal Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Medi-Cal Pll is used, disclosed, or stored. E. Ensure each physical location, where Medi-Cal PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) 500 or more individually identifiable records of Medi-Cal Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of Medi-Cal PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall mustshall be escorted at all times by authorized County Workers. H. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities.which I. A. The County Department/Agency shall have policies that include, based on applicable risk factors that include, at a minimum, a description of the circumstances under which the County Workers H.I. can transport Medi-Cal PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall mustshall include provisions in its policies to ensure provide that the Medi-Cal PII is stored in a non-non- visible area such as a trunk, that the vehicle is locked, and that under no circumstances permit Medi-Cal PII be left unattended in a vehicle overnight or for other extended periods of time. J. The County Department/Agency shall have policies that indicate County Workers are not to leave records with PII unattended at any time in airplanes, buses, trains, etc., inclusive of baggage areas. This should be included in training due to the nature of the risk. K. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing PII.