Facility Access Controls Contingency Operations Policy Addressable

Goal: Identify what the Covered Entity should do to have formal, documented procedures for allowing authorized employees to enter its facility to take necessary actions as defined in its disaster recovery and emergency mode operations plans.

The purpose of this policy is to describe the steps needed to access the facility, especially during emergencies. These procedures will describe how an authorized individual will have access to the facility in support of restoration of lost data.

Procedure: Access to the computer room will be controlled with access limited to only those support personnel with a demonstrated need for access. The access card, combination or key to the lock (when applicable) are given only to those personnel who require access to perform their official duties in the computer room.

• The Security Manager or its designated representative will always have access to keys, passwords or access cards to the system(s) in case of emergency.
  • A back-up person will be designated in case the Security Manager is not available.
• Covered Entity will keep a roster of the responsible individual to call in case of emergency.
  • Individual on call should be able to reach the facility within 15 minutes from the call with the proper keys to enter the designate controlled area.