A technology provider shall ensure that each data center it uses has physical security measures in place that include:
- (1) restricting physical system access to personnel authorized by the provider to access the data center's system;
- (2) monitoring and logging physical access to the data center's information systems;
- (3) maintaining the physical access logs for five years; and
(4) monitoring and responding to:
- (a) physical intrusion alarms; and
- (b) surveillance system observations and alerts.
History Note: Authority G.S. 10B-4; 10B-106; 10B-125(b); 10B-126; 10B-134.15; 10B-134.17; 10B-134.19; 10B-134.21; 10B-134.23;
Eff. July 1, 2025.