Device and Media Controls policies and procedures that govern the receipt and removal of hardware and electronic media that contain Personal Data into and out of processing facilities, and the movement of these items within processing facilities, including policies and procedures to address the final disposition of Personal Data, and/or the hardware or electronic media on which it is stored, and procedures for removal of Personal Data from electronic media before the media are made available for re-use.
Device and Media Controls. Business Associate shall implement controls and procedures that govern the receipt and removal of hardware and electronic media that create, receive, transmit, transact, or store PHI into and out of a facility (including but not limited to an inventory of all such hardware and electronic media), and the movement of these items within the facility.
Device and Media Controls. Vendor will ensure that all media containing SPE Data sent outside its facilities is encrypted, logged, authorized by management, and sent via secured courier or other delivery method that can be tracked. Vendor will encrypt all back-up/archive media containing SPE Data, and restrict access to all off-site backup/archive media to appropriate authorized personnel. Vendor will encrypt any devices including, without limitation, laptops and mobile devices containing SPE Data that may be taken outside its facilities. System, Storage and Transmission Security – Vendor will implement and maintain physical and technical controls: designed to guard against unauthorized access to or disruption of Vendor Systems, SPE Systems, and (SPE Data including, without limitation, when SPE Data is transmitted over an electronic communications network), designed to ensure that no SPE Data is physically co-mingled with any of Vendor’s (or any third party’s) other data, or virtually co-mingled with other data where such SPE Data shares the same media, device or system, unless the data is logically separated, or compensating controls, approved by SPE, are implemented, and
Device and Media Controls. A10 does not permit User Data to be downloaded, or otherwise stored on laptops or other portable devices, unless they are subject to all of the protections required herein. Such protective measures shall include, at a minimum, that all devices accessing User Data shall be encrypted and use up-to-date anti-malware detection prevention software.
Device and Media Controls. Processor has policies and procedures that govern the receipt and removal of hardware and electronic media that contain Personal Data into and out of a Processor facility, and the movement of these items within a Processor facility, including policies and procedures to address the final disposition of Personal Data, and/or the hardware or electronic media on which it is stored, and procedures for removal of Personal Data from electronic media before the media are made available for re-use. Processor shall ensure that no Personal Data is downloaded or otherwise stored on laptops or other portable devices. Processor will ensure that any and all Personal Data received directly or indirectly from Controller in a portable medium or device, including but not limited to tapes, CDs, DVDs, thumb drives, external hard drives, and any other format, will be encrypted by at all times utilizing best security practice technologies.
Device and Media Controls. BUSINESS ASSOCIATE will implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic PHI into and out of a facility, and the movement of these items within the facility. BUSINESS ASSOCIATE will:
Device and Media Controls. Implement policies and procedures regarding the physical movement of hardware and media that contains EPHI.
Device and Media Controls. The ISP will include policies and procedures that govern the receipt and removal of hardware and electronic media containing Expeditors Information into and out of Service Provider’s facilities and the movement of these items within a Service Provider facility. This includes, without limitation, policies and procedures to address the final disposition of Expeditors Information, the hardware or other media on which it is stored, and procedures for removal of Expeditors Information from electronic media before the media are made available for re-use. Service Provider shall ensure that no Expeditors Information is downloaded or otherwise stored on laptops or other portable devices.
