Facility Access and Physical Security

2021.1

It is the goal of Tuna to provide a safe and secure environment for all employees. Access to the Tuna facilities is limited to authorized individuals only.

Tuna works with Subcontractors (e.g. property management companies and facilities management) to assure restriction of physical access to systems used as part of the Tuna Platform.

Physical Access to all of Tuna facilities is limited to only those authorized in this policy. All workforce members are responsible for reporting an incident of unauthorized visitor and/or unauthorized access to Tuna's facility.

Policy Statements

Tuna policy requires that

(a) Physical access to Tuna facilities is restricted.

(b) All employees are required to wear employee badges at secure facilities (such as server rooms, data centers, labs).

(c) All employees must follow physical security requirements and procedures documented by facility management.

(d) On-site visitors and vendors must be escorted by a Tuna employee at all times while on premise.

(e) All workforce members are responsible for reporting an incident of unauthorized visitor and/or unauthorized access to Tuna's facility.

(f) Retain a record for each physical access, including visits, maintenance and repairs to Tuna production environments and secure facilities.

  • Details must be captured for all maintenance and repairs performed to physical security equipment such as locks, walls, doors, surveillance cameras; and
  • All records must be retained for a minimum of seven years.

(g) Building security, such as fire extinguishers and detectors, escape routes, floor warden responsibilities, shall be maintained according to applicable laws and regulations.

Controls and Procedures

Data Center Security

Physical security of data centers is ensured by the cloud infrastructure service provided, AWS.

Clean Desk Policy and Procedures

Employees must secure all sensitive/confidential information in their workspace at the conclusion of the work day and when away from their workspace. This includes both electronic and physical information such as:

  • computer workstations, laptops, and tablets
  • removable storage devices including CDs, DVDs, USB drives, and external hard drives
  • printed materials

Computer workstations/laptops must be locked (password protected) when physically unattended. Portable devices such as laptops and tablets should be taken home at the conclusion of the work day.

Removable storage devices and printed documents must be treated as sensitive material and locked in a drawer or similar when not in use. Printed materials must be immediately removed from printers or fax machines. Passwords must not be written down or stored physically.

Keys and access cards used for access to sensitive or restricted information/areas must not be left unattended anywhere in the office.