| Code | Section | Title |
|---|
| ISO |
A.11.1 |
Secure areas |
| ISO |
A.11.1.1 |
Physical security perimeter |
| ISO |
A.11.1.2 |
Physical entry controls |
| ISO |
A.11.1.3 |
Securing offices, rooms and facilities |
| ISO |
A.11.1.4 |
Protecting against external and environmental threats |
| ISO |
A.11.1.5 |
Working in secure areas |
| ISO |
A.11.1.6 |
Delivery and loading areas |
| CHI |
SR17 |
Physically securing EHRi systems |
| HIPAA |
164.310(a)(1) |
Standard: Facility access controls |
| SOC2 |
CC6.4 |
The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. |
| SOC2 |
CC6.4 |
The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives. |
| Code | Section | Title |
|---|
| ISO |
A.11.2 |
Equipment |
| ISO |
A.11.2.1 |
Equipment siting and protection |
| ISO |
A.11.2.2 |
Supporting utilities |
| ISO |
A.11.2.3 |
Cabling security |
| ISO |
A.11.2.4 |
Equipment maintenance |
| ISO |
A.11.2.5 |
Removal of assets |
| HIPAA |
164.310(a)(2)(i) |
Contingency operations (Addressable) |
| HIPAA |
164.310(a)(2)(ii) |
Contingency operations |
| HIPAA |
164.310(a)(2)(iii) |
Access control and validation procedures (Addressable) |
| HIPAA |
164.310(a)(2)(iv) |
Maintenance records |
| SOC2 |
A1.2 |
The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. |
| SOC2 |
A1.2 |
The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives. |