Physical Security Clause Samples

Physical Security. Contractor shall ensure that Medi-Cal PII is used and stored in an area that is physically safe from access by unauthorized persons during working hours and non- working hours. Contractor agrees to safeguard Medi-Cal PII from loss, theft or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of Contractor facilities where personnel assist in the administration of the Medi-Cal program and use or disclose Medi-Cal PII. The Contractor shall ensure that these secure areas are only accessed by authorized individuals with properly coded key cards, authorized door keys or access authorization; and access to premises is by official identification. B. Ensure that there are security guards or a monitored alarm system with or without security cameras 24 hours a day, 7 days a week at Contractor facilities and leased facilities where a large volume of Medi-Cal PII is stored. C. Issue Contractor personnel who assist in the administration of the Medi-Cal program identification badges and require County Workers to wear the identification badges at facilities where Medi-Cal PII is stored or used. D. Store paper records with Medi-Cal PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks or locked offices in facilities which are multi-use (meaning that there are personnel other than contractor personnel using common areas that are not securely segregated from each other.) The contractor shall have policies which indicate that Contractor and their personnel are not to leave records with Medi-Cal PII unattended at any time in vehicles or airplanes and not to check such records in baggage on commercial airlines. E. Use all reasonable measures to prevent non-authorized personnel and visitors from having access to, control of, or viewing Medi-Cal PII.

Physical Security. The Contractor shall be responsible for safeguarding all government equipment, information and property provided for Contractor use or purchased by the Contractor under this task order.

Physical Security. Access Control;

Physical Security. You agree to implement and maintain reasonable physical security for all managed hardware and related devices in your physical possession or control. Such security measures must include (i) physical barriers, such as door and cabinet locks, designed to prevent unauthorized physical access to protected equipment, (ii) an alarm system to mitigate and/or prevent unauthorized access to the premises at which the protected equipment is located, (iii) fire detection and retardant systems, and (iv) periodic reviews of personnel access rights to ensure that access policies are being enforced, and to help ensure that all access rights are correct and promptly updated.

Physical Security. Client is responsible for the physical security of its on-premises hardware and software systems.

Physical Security. Fit appropriate locks or other physical controls to the doors and windows of rooms where computers are kept. Physically secure unattended lap tops (for example, by locking them in a secure drawer or cupboard). Ensure you control and secure all removable media, such as removable hard-drives, CDs, floppy disks and USB drives, attached to business-critical assets. Destroy or remove all business-critical information from media such as CDs, and floppy disks before disposing of them. Ensure that all business-critical information is removed from the hard drives of any used computers before disposing of them. Store back-ups of business-critical information either off-site or in a fire and water-proof container.

Physical Security. The County Department/Agency shall ensure Pll is used and stored in an area that is physically safe from access by unauthorized persons at all times. The County Department/Agency agrees to safeguard Pll from loss, theft, or inadvertent disclosure and, therefore, agrees to: A. Secure all areas of the County Department/Agency facilities where County Workers assist in the administration of their program and use, disclose, or store Pll. B. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: 1. Properly coded key cards 2. Authorized door keys 3. Official identification C. Issue identification badges to County Workers. D. Require County Workers to wear these badges where Pll is used, disclosed, or stored. E. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. F. Ensure there are security guards or a monitored alarm system at all times at the County Department/Agency facilities and leased facilities where five hundred (500) or more individually identifiable records of Pll is used, disclosed, or stored. Video surveillance systems are recommended. G. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter security and physical access controls that limit access to only authorized County Workers. Visitors to the data center area shall be escorted at all times by authorized County Workers. H. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which are multi-use meaning that there are County Department/Agency and non-County Department/Agency functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. I. The County Department/Agency shall have policies based on applicable factors that include, at a minimum, a description of the circumstances under which the County Workers can transport PII, as well as the physical security requirements during transport. A County Department/Agency that chooses to permit its County Workers to leave records unattended in vehicles shall...

Physical Security. IBM maintains physical security standards designed to restrict unauthorized physical access to IBM data centers. Only limited access points exist into the data centers, which are controlled by two-factor authentication and monitored by surveillance cameras. Access is allowed only to authorized staff that have approved access. Operations staff verifies the approval and issues an access badge granting the necessary access. Employees issued such badges must surrender other access badges and can only possess the data center access badge for the duration of their activity. Usage of badges is logged. Non- IBM visitors are registered upon entering on premises and are escorted when they are on the premises. Delivery areas and loading docks and other points where unauthorized persons may enter the premises are controlled and isolated.

Physical Security. The Contractor shall ensure PII is used and stored in an area that is physically safe from access by unauthorized persons at all times. The Contractor agrees to safeguard PII from loss, theft, or inadvertent disclosure and, therefore, agrees to: a. Secure all areas of the Contractor’s facilities where Contractor Staff assist in the administration of their program and use, disclose, or store PII. b. These areas shall be restricted to only allow access to authorized individuals by using one or more of the following: i. Properly coded key cards ii. Authorized door keys iii. Official identification c. Issue identification badges to Contractor Staff. d. Require Contractor Staff to wear these badges where PII is used, disclosed, or stored. e. Ensure each physical location, where PII is used, disclosed, or stored, has procedures and controls that ensure an individual who is terminated from access to the facility is promptly escorted from the facility by an authorized employee and access is revoked. f. Ensure there are security guards or a monitored alarm system at all times at the Contractor facilities and leased facilities where five hundred (500) or more individually identifiable records of PII is used, disclosed or stored. Video surveillance are recommended. g. Ensure data centers with servers, data storage devices, and/or critical network infrastructure involved in the use, storage, and/or processing of PII have perimeter MA-063-24010922 May 23, 2024 DocuSignDocuSign EnvelopeEnvelope ID:ID: security and physical access controls that limit access to only authorized Contractor Staff. Visitors to the data center area must be escorted at all times by authorized Contractor Staff. h. Store paper records with PII in locked spaces, such as locked file cabinets, locked file rooms, locked desks, or locked offices in facilities which have multi-use functions in one building in work areas that are not securely segregated from each other. It is recommended that all PII be locked up when unattended at any time, not just within multi-use facilities. i. The Contractor shall have policies that include, based on applicable risk factors, a description of the circumstances under which the Contractor Staff can transport PII, as well as the physical security requirements during transport. A Contractor that chooses to permit its staff to leave records unattended in vehicles must include provisions in its policies to ensure the PII is stored in a non-visible area such as a trunk, th...