Goal: Identify what the Covered Entity should do to have formal, documented procedures for allowing authorized employees to enter its facility to take necessary actions as defined in its disaster recovery and emergency mode operations plans.
The purpose of this policy is to describe the steps needed to access the facility, especially during emergencies. These procedures will describe how an authorized individual will have access to the facility in support of restoration of lost data.
Procedure: Access to the computer room will be controlled with access limited to only those support personnel with a demonstrated need for access. The access card, combination or key to the lock (when applicable) are given only to those personnel who require access to perform their official duties in the computer room.