Physical Security and Environmental Controls Sample Clauses

The Physical Security and Environmental Controls clause establishes requirements for protecting physical premises and equipment from unauthorized access, damage, or environmental hazards. It typically mandates measures such as secure access controls, surveillance systems, and safeguards against fire, flooding, or power failures in areas where sensitive data or critical systems are housed. This clause ensures that both physical and environmental risks to information assets are minimized, thereby reducing the likelihood of breaches or operational disruptions.
Physical Security and Environmental Controls. Both organizations shall provide physical security and system environmental safeguards adequate to provide protection of the system components. Each organization is responsible for the physical security and environmental controls at their respective locations.2
View SourceView Similar (3)
Physical Security and Environmental Controls. Physical access to the data center is protected by security systems and strictly limited to authorized personnel. • Environmental control provided by a redundant HVAC system. • Data center protected by industry standard fire prevention system. • Safety systems are provided for temperature and humidity control • Continuous power is supplied by battery backup systems and redundant diesel generators.
View Source
Physical Security and Environmental Controls. Although physical security safeguards are implemented in office locations and there are employees who access in-scope data from the offices, these locations do not provide any special access to PII or to critical applications and are considered out of scope for this assessment. All critical systems and applications are located in AWS. Physical and environmental security of the PayByPhone data housed in AWS is the responsibility of AWS. Interested parties should review the AWS audit report. PayByPhone implements mobile device management (MDM) processes to ensure that remote users have their devices protected. All company end-user devices are required to use desktop firewalls and connect using Zero Trust Network Access (ZTNA) solutions provided by the company. The Mobile Device Management Policy requires the use of personal firewalls and use of the Zscaler Zero Trust Network Access solution for remote access to company applications. All end-user devices are managed through MDM platforms: Windows devices use Microsoft Intune, and MacOS devices use Mosyle Enhanced Apple Device Management. The organization has a process for destroying and disposing of data and media when no longer needed. In accordance with the Disposal Policy, all electronic and hardcopy data, when no longer needed for legal, regulatory, or business requirements, must be securely deleted from PayByPhone systems. Before computer or communications equipment can be sent to a vendor for trade-in, servicing or disposal, all cardholder data must be destroyed or removed according to the approved methods. Outsourced destruction of media containing cardholder data must use a disposal vendor that provides a Certificate of Destruction. Media that can be re-used must have the data securely deleted and wiped using a utility approved by the Systems Group. PayByPhone has the following requirements in place for destroying media: • Hard disks are sanitized using a National Institute of Standards and Technology (NIST) 800-88 standard degauss or crosscut shred to, or by penetrating the disk platters with one or more half inch holes drilled though them • Floppy disks are disintegrated, incinerated, pulverized, crosscut shred, or melted • Tape media are degaussed, crosscut shred, incinerated, pulverized, or melted • USB thumb drives, smart cards, and digital media are incinerated, pulverize, or melted • Optical disks (CDs and DVDs) are destroyed, incinerated, pulverized, crosscut shred, or melted Change management...
View Source

Related to Physical Security and Environmental Controls

  • Physical and Environmental Security Controls that provide reasonable assurance that access to physical servers at the production data center or the facility housing Provider’s SFTP Server, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls include: a) Logging and monitoring of unauthorized access attempts to the data center by the data center security personnel; b) Camera surveillance systems at critical internal and external entry points to the data center; c) Systems that monitor and control the air temperature and humidity at appropriate levels for the computing equipment; and d) Uninterruptible Power Supply (UPS) modules and backup generators that provide back-up power in the event of an electrical failure.

  • Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.

  • O.S.H.A. and Environmental Compliance (a) Borrower has duly complied with, and its facilities, business, assets, property, leaseholds, Real Property and Equipment are in compliance in all material respects with, the provisions of the Federal Occupational Safety and Health Act, the Environmental Protection Act, RCRA and all other Environmental Laws; there have been no outstanding citations, notices or orders of non-compliance issued to Borrower or relating to its business, assets, property, leaseholds or Equipment under any such laws, rules or regulations. (b) Borrower has been issued all required federal, state and local licenses, certificates or permits relating to all applicable Environmental Laws. (i) There are no visible signs of releases, spills, discharges, leaks or disposal (collectively referred to as “Releases”) of Hazardous Substances at, upon, under or within any Real Property or any premises leased by Borrower; (ii) to the best of Borrower’s knowledge, there are no underground storage tanks or polychlorinated biphenyls on the Real Property or any premises leased by Borrower; (iii) to the best of Borrower’s knowledge, neither the Real Property nor any premises leased by Borrower has ever been used as a treatment, storage or disposal facility of Hazardous Waste; and (iv) no Hazardous Substances are present on the Real Property or any premises leased by Borrower, excepting such quantities as are handled in accordance with all applicable manufacturer’s instructions and governmental regulations and in proper storage containers and as are necessary for the operation of the commercial business of Borrower or of its tenants.

  • Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.

  • Compliance with Environmental Laws; Environmental Reports (a) Comply and use commercially reasonable efforts to cause all lessees and other persons occupying Real Property owned or operated by any Company to comply, in all material respects with all Environmental Laws and Environmental Permits applicable to its operations and property and obtain and renew all material Environmental Permits applicable to its operations and property and conduct any Response in accordance with Environmental Laws; provided, however, that no Company shall be required to undertake any Response to the extent that its obligation to do so is being contested in good faith and by proper proceedings and appropriate reserves are being maintained with respect to such circumstances in accordance with GAAP. (b) If a Default caused by reason of a breach of Section 3.17 or Section 5.09(a) shall have occurred and be continuing for more than 20 Business Days without the Companies commencing activities reasonably likely to cure such Default, at the written request of the Required Lenders through the Administrative Agent, provide to the Lenders within 45 days after such request, at the expense of Borrower, an environmental site assessment report regarding the matters which are the subject of such default, including where appropriate, any soil and/or groundwater sampling, prepared by an environmental consulting firm and in form and substance reasonably acceptable to the Administrative Agent and indicating the presence or absence of Hazardous Materials and the estimated cost of any compliance or Response to address them in connection with such Default.