5.2  Physical Access Control

(a)  The Service Provider shall provide the following Services to maintain the physical security of the Authority's ICT Infrastructure, including:

(i)  implementation and documentation of a media management procedure designed to protect the integrity and security of all media used for data backup and recovery of the Authority Data.  This procedure shall also include the secure disposal of media which has gone beyond its end of life; and

(ii)  physical access controls to ensure that access to all Equipment and data used on the Authority business, and located on the Service Provider Premises, is secured as if the Equipment was located on a Site.