Entry controls Sample Clauses
Entry controls. The Contractor shall prevent unauthorised persons from using IT systems. This shall be done by: ● password procedures (special characters, minimum length, regular change) ● clear assignment of accounts to users, no generic accounts (e.g. Trainee 1, Warehouse, User) ● blocking of the user accounts after several failed login attempts ● use of firewalls/virus scanner ● regular control of the validity of permissions (user accounts) ● secure transmission of authentication secrets (credentials) in the network using TLS/HTTPS, SSH, VPN (IPSec, SSL VPN)
Entry controls. The rooms in which the processing of personal data is carried out or in which data processing systems are installed shall not be freely accessible. They must be locked when the employee is absent. The access authorisations must be issued in a regulated procedure according to the "need to know princi- ple" and must be monitored regularly with regard to their necessity. Rooms in which data processing systems (data centre, servers, network distributors, etc.) are housed must be particularly access con- trolled and may be accessible only to the employees of the IT administration (if required, the man- agement). Alternatively, the devices must be stored in suitable and locked cabinets. Visitors and per- sons outside the company must be registered in a documented procedure and supervised within the premises.