9. All servers and locations where Level 4 or 5 information is stored must be accurately identified and physically secure.