Entry controls. The rooms in which the processing of personal data is carried out or in which data processing systems are installed shall not be freely accessible. They must be locked when the employee is absent. The access authorisations must be issued in a regulated procedure according to the "need to know princi- ple" and must be monitored regularly with regard to their necessity. Rooms in which data processing systems (data centre, servers, network distributors, etc.) are housed must be particularly access con- trolled and may be accessible only to the employees of the IT administration (if required, the man- agement). Alternatively, the devices must be stored in suitable and locked cabinets. Visitors and per- sons outside the company must be registered in a documented procedure and supervised within the premises.
Appears in 1 contract
Sources: Data Processing Agreement
Entry controls. The rooms in which the processing of personal data is carried out or in which data processing systems are installed shall not be freely accessible. They must be locked when the employee is absent. The access authorisations must be issued in a regulated procedure according to the "need to know princi- pleprinciple" and must be monitored regularly with regard to their necessity. Rooms in which data processing systems (data centre, servers, network distributors, etc.) are housed must be particularly access con- trolled controlled and may be accessible only to the employees of the IT administration (if required, the man- agementmanagement). Alternatively, the devices must be stored in suitable and locked cabinets. Visitors and per- sons persons outside the company must be registered in a documented procedure and supervised within the premises.
Appears in 1 contract
Sources: Data Processing Agreement