Box Service Access controls Clause Samples

Box Service Access controls. 6.1 (A)(i) Physical Access Controls. Box will implement the following suitable measures in order to prevent unauthorized persons from gaining access to the data processing equipment used to process Content. (a) Access authorization for Box Personnel and third parties (b) Keycards and passes (c) Restrictions on keys (d) Appropriate requirements for third parties (e) Identifying of the persons having authorized access (f) Protection and restriction of entrances and exits (g) Establishing security areas especially for deliveries and handover (h) Securing the building (security alarm system, supervision by guards) 6.1( A)(ii) Technical Access controls. Box will implement the following suitable measures to prevent unauthorized reading, copying alteration or removal of the data media, unauthorized input into memory and reading/alteration/deletion of Content. (a) Access authorization requirements (b) Identification of workstation and/or the users accessing Box systems (c) Automatic disablement of user IDs after multiple erroneous passwords entered (d) Logging of events and activities (including monitoring of break-in attempts) (e) Issuing and safeguarding of identification codes (f) Dedicated workstations for users (g) Authenticating authorized persons (h) Use of encryption where deemed appropriate by Box (i) Separating production and non-production environments (j) Automatic session log-off of users that have been inactive for a period in excess of thirty (30) minutes (k)Designating areas in which data media may/must be located‌