Common use of Separation of Duties / Access Controls Clause in Contracts

Separation of Duties / Access Controls. The Contractor must ensure that all NYS Confidential Information that it holds under this Contract is stored in a controlled access environment to ensure data security and integrity. Contractor will provide the State a list of the physical locations where Contractor has stored any NYS Confidential Information at any given time and will update that list if the physical location changes. All Contractor facilities must have adequate security systems in place to protect against the unauthorized access to such facilities and data stored therein. Access into and within such facilities must be restricted by Contractor through an access control system that requirespositive identification of authorized individuals as well as maintains a log of all accesses (e.g., date and time of the event, type of event, user identity, component of the information system, outcome of the event). The Contractor shall have a formal procedure in place for granting computer system access to NYS Confidential Information and to track access. Contractor access to NYS Confidential Information for any types of projects outside of those approved by ITS are prohibited.

Separation of Duties / Access Controls. The Contractor must ensure that all NYS Confidential Information that it holds under this Contract is stored in a controlled access environment to ensure data security and integrity. Contractor will provide the State a list of the physical locations where Contractor has stored any NYS Confidential Information at any given time and will update that list if the physical location changes. All Contractor facilities must have adequate security systems in place to protect against the unauthorized access to such facilities and data stored therein. Access into and within such facilities must be restricted by Contractor through an access control system that requirespositive requires positive identification of authorized individuals as well as maintains a log of all accesses (e.g., date and time of the event, type of event, user identity, component of the information system, outcome of the event). The Contractor shall have a formal procedure in place for granting computer system access to NYS Confidential Information and to track access. Contractor access to NYS Confidential Information for any types of projects outside of those approved by ITS are prohibited.