18 ncac 07j .0613          data center security

A technology provider shall ensure that each data center it uses has physical security measures in place that include:

(1)           restricting physical system access to personnel authorized by the provider to access the data center's system;

(2)           monitoring and logging physical access to the data center's information systems;

(3)           maintaining the physical access logs for five years; and

(4)           monitoring and responding to:

(a)           physical intrusion alarms; and

(b)           surveillance system observations and alerts.

 

History Note:        Authority G.S. 10B-4; 10B-106; 10B-125(b); 10B-126; 10B-134.15; 10B-134.17; 10B-134.19; 10B-134.21; 10B-134.23;

Eff. July 1, 2025.