
Facility Access and Physical Security

2022.1

It is the goal of JupiterOne to provide a safe and secure environment for all employees. Access to the JupiterOne facilities is limited to authorized individuals only.

JupiterOne works with Subcontractors such as property management companies to assure restriction of physical access to systems used as part of the delivery of the JupiterOne Platform. JupiterOne and its Subcontractors control access to the physical buildings/facilities that house these systems/applications, or in which JupiterOne workforce members operate.

Physical access to all JupiterOne facilities is limited to only those authorized in this policy. In an effort to safeguard data and physical assets from unauthorized access, tampering, and theft, access to areas is allowed only to persons authorized to be in them, and with escorts for unauthorized persons. All workforce members are responsible for reporting an incident of an unauthorized visitor and/or unauthorized access to JupiterOne’s facility.

!!! Note

    * No sensitive data is ever stored on premises or on end-user computing devices.

Policy Statements

JupiterOne policy requires that:

(a) Physical access to JupiterOne facilities is restricted via badge access.

(b) All employees must follow physical security requirements and procedures documented by property management.

(c) On-site visitors and vendors must be escorted by a JupiterOne employee at all times while on premises.

(d) All workforce members are responsible for reporting an incident of an unauthorized visitor and/or unauthorized access to JupiterOne’s facility or the Security Officer.

(e) Property Management retains a record for each physical access, including visits, and/or facility maintenance and repairs.

(g) Building security, such as fire extinguishers and detectors, escape routes, floor warden responsibilities, etc., shall be maintained according to applicable laws and regulations.

Controls and Procedures

Physical Security

Access Requirements Overview

Building Standards per Location

All entry points are secured by card readers and have cameras for additional monitoring as needed.

Facility Access Data Storage

mySonitrol (Morrisville office) stores all access control logs for 90 days.

Camera footage is stored on the cameras and accessed through Meraki. Footage is stored for a minimum of 30 days.

Facility Access Control Process

Access cards are stored in a locked cabinet until they are activated and issued.

New Hires

New hire access cards are assigned based on the new hire notice issued through the Jira ServiceDesk.

Separations

Separation notices are issued through the Jira ServiceDesk.

Special Access Requests

Special access areas require additional approvals for access. If the documented approver is unavailable, the Security Officer may act as approver.

| Access | Approval |
| --- | --- |
| Morrisville MDF | Approval is required from Manager or Head of Development prior to access being granted |

Maintenance & Repairs

All maintenance, repairs and modifications to our access control system will be handled by the local vendor that supports our system.

All documents regarding maintenance, repair or modification will be stored in the Physical Security folder on JupiterOne’s Google Drive.

| Location | Building Access Control | JupiterOne Suite Access Control |
| --- | --- | --- |
| Morrisville Office | Spectrum - Property Manager | Sonitrol of the Triangle |

Reporting and Auditing

All access control records are audited on an annual basis. FAC1

Special access is audited and reviewed with approver quarterly. FAC2

Records are owned and maintained by the HR Manager. Records are kept in the Physical Security folder on Google Drive and will be retained for a minimum of 3 years.

Clean Desk Procedures

Employees must secure all sensitive/confidential information in their workspace at the conclusion of the work day and when away from their workspace. This includes both electronic and physical information such as:

* Computer workstations/laptops must be locked (password protected) when physically unattended. Portable devices such as laptops and tablets should be taken home at the conclusion of the work day.

* Removable storage devices and printed documents must be treated as sensitive material and locked in a drawer or similar when not in use. Printed materials must be immediately removed from printers or fax machines. Passwords must not be written down or stored physically.

* Keys and access cards used for access to sensitive or restricted information/areas must not be left unattended anywhere in the office.

Data Center Security

Physical security of data centers is ensured by the cloud infrastructure service provider, AWS.