Code of Maryland Regulations
Title 10 - MARYLAND DEPARTMENT OF HEALTH
Part 3
Subtitle 10 - LABORATORIES
Chapter 10.10.11 - Biological Agents Registry Program
Section 10.10.11.21 - BAR Information Security - Physical Safeguards

Universal Citation: MD Code Reg 10.10.11.21

Current through Register Vol. 51, No. 19, September 20, 2024

A trusted partner shall establish physical safeguards to guard BAR information integrity, confidentiality, and availability, which include:

A. Physical protection of the personal computer system used for viewing BAR information and related buildings and equipment from:

(1) Fire;

(2) Natural and environmental hazards;

(3) Disasters; and

(4) Intrusion;

B. A secure work station location with physical safeguards to eliminate or minimize the possibility of unauthorized access to BAR information, including:

(1) Locating a personal computer used to access and view BAR information in a locked room;

(2) Restricting access to the locked room to authorized personnel by using:
(a) Electronic keypads;

(b) Electronic access badges; or

(c) Door locks;

(3) Placing the computer monitor in a way that screen contents are not viewable by an unauthorized person;

(4) Locking file cabinets, desks, and desk drawers that contain BAR information:
(a) During nonworking hours; and

(b) When the BAR information custodian is not present in the immediate area; and

(5) Making BAR information nonviewable or unobtainable before admitting an unauthorized person into the workspace;

C. BAR information media control procedures that govern the receipt, removal, and disposal of BAR information CD-R discs or thumb drives into or out of the facility, which include:

(1) Access control so that only the BAR information custodian can receive the BAR information media;

(2) Accountability procedures that trace the receipt, removal, and disposal of BAR information media;

(3) BAR information storage; and

(4) Tracking the disposal process and the final disposition of:
(a) Electronic BAR information; and

(b) BAR information hardware on which electronic BAR information is stored;

D. Emergency mode operation access controls that enable continuing protection to BAR information in the event of:

(1) Fire;

(2) Vandalism;

(3) Natural disaster; or

(4) BAR information computer information system failure;

E. A facility security plan to safeguard BAR information on the premises from unauthorized physical access, tampering, and theft;

F. Verifying access authorizations before granting physical access;

G. Maintaining documentation of repairs and modifications to the physical components of the facility including:

(1) Hardware;

(2) Walls;

(3) Doors; and

(4) Locks; and

H. Procedures governing the reception and hosting of visitors, including:

(1) Sign-in logs for visitors; and

(2) Providing escorts for visitors, if appropriate.

Disclaimer: These regulations may not be the most recent version. Maryland may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.