Physical Security of Media DST shall implement controls, consistent with applicable prevailing industry practices and standards, that are designed to deter the unauthorized viewing, copying, alteration or removal of any media containing Fund Data. Removable media on which Fund Data is Schedule 10.2 p.3 stored by DST (including thumb drives, CDs, and DVDs, and PDAS) will be encrypted based on DST encryption policies.
Physical Security BNY Mellon will deploy perimeter security such as barrier access controls around its facilities processing or storing Customer Data. The ISP will include (i) procedures for validating visitor identity and authorization to enter the premises, which may include identification checks, issuance of identification badges and recording of entry purpose of visit and (ii) physical security policies for personnel, such as a “clean desk” policy. In accordance with its ISP and applicable law, BNY Mellon will install closed circuit television (“CCTV”) systems and CCTV recording systems to monitor and record access to controlled areas, such as data centers and server rooms.
Security of Data a. Each of the parties shall:
i. ensure as far as reasonably practicable, that Data is properly stored, is not accessible to unauthorised persons, is not altered, lost or destroyed and is capable of being retrieved only by properly authorised persons;
ii. subject to the provisions of Sub-Clause 8.a. ensure that, in addition to any security, proprietary and other information disclosure provision contained in the Contract, Messages and Associated Data are maintained in confidence, are not disclosed or transmitted to any unauthorised person and are not used for any purpose other than that communicated by the sending party or permitted by the Contract; and
iii. protect further transmission to the same degree as the originally transmitted Message and Associated Data when further transmissions of Messages and Associated Data are permitted by the Contract or expressly authorised by the sending party.
b. The sending party shall ensure that Messages are marked in accordance with the requirements of the Contract. If a further transmission is made pursuant to Sub-Clause 3. a. iii. the sender shall ensure that such markings are repeated in the further transmission.
c. The parties may apply special protection to Messages by encryption or by other agreed means, and may apply designations to the Messages for protective Interchange, handling and storage procedures. Unless the parties otherwise agree, the party receiving a Message so protected or designated shall use at least the same level of protection and protective procedures for any further transmission of the Message and its Associated Data for all responses to the Message and for all other communications by Interchange or otherwise to any other person relating to the Message.
d. If either party becomes aware of a security breach or breach of confidence in relation to any Message or in relation to its procedures or systems (including, without limitation, unauthorised access to their systems for generation, authentication, authorisation, processing, transmission, storage, protection and file management of Messages) then it shall immediately inform the other party of such breach. On being informed or becoming aware of a breach the party concerned shall:
i. immediately investigate the cause, effect and extent of such breach;
ii. report the results of the investigation to the other party; and
iii. use all reasonable endeavours to rectify the cause of such breach.
e. Each party shall ensure that the contents of Messages that are sent or received are not inconsistent with the law, the application of which could restrict the content of a Message or limit its use, and shall take all necessary measures to inform without delay the other party if such an inconsistency arises.
Physical and Environmental Security Controls that provide reasonable assurance that access to physical servers at the production data center or the facility housing Provider’s SFTP Server, if applicable, is limited to properly authorized individuals and that environmental controls are established to detect, prevent and control destruction due to environmental extremes. These controls include:
a) Logging and monitoring of unauthorized access attempts to the data center by the data center security personnel;
b) Camera surveillance systems at critical internal and external entry points to the data center;
c) Systems that monitor and control the air temperature and humidity at appropriate levels for the computing equipment; and
d) Uninterruptible Power Supply (UPS) modules and backup generators that provide back-up power in the event of an electrical failure.
Technical Security Controls 35 a. Workstation/Laptop encryption. All workstations and laptops that store PHI COUNTY 36 discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or transmits on behalf of 37 COUNTY either directly or temporarily must be encrypted using a FIPS 140-2 certified algorithm which 1 is 128bit or higher, such as AES. The encryption solution must be full disk unless approved by the 2 COUNTY.