Common use of Access Authorization Clause in Contracts

Access Authorization. i. Cisco shall have user account creation and deletion procedures, with appropriate approvals, for granting and revoking access to Customer’s systems and networks. Cisco shall use an enterprise access control system that requires revalidation of its personnel by managers at regular intervals based on the principle of “least privilege” and need-to-know criteria based on job role. ii. Cisco shall maintain and update a record of personnel authorized to access systems that con- tain Protected Data and Cisco shall review users’ access rights at regular intervals. iii. For systems that process Protected Data, Cisco shall revalidate (or where appropriate, deac- tivate) access of users who change reporting structure and deactivate authentication creden- tials that have not been used for a period of time not to exceed six (6) months. iv. Cisco shall restrict access to program source code and associated items such as software object code, designs, specifications, verification plans, and validation plans, in order to prevent the introduction of unauthorized functionality and to avoid unintentional changes.

Access Authorization. i. Cisco shall have user account creation and deletion procedures, with appropriate approvals, for granting and revoking access to Customer’s systems and networks. Cisco shall use an enterprise access control system that requires revalidation of its personnel by managers at regular intervals based on the principle of “least privilege” and need-to-know criteria based on job role. ii. Cisco shall maintain and update a record of personnel authorized to access systems that con- tain Protected Data and Cisco shall review users’ access rights at regular intervals. iii. For systems that process Protected Data, Cisco shall revalidate (or where appropriate, deac- tivatedeacti- vate) access of users who change reporting structure and deactivate authentication creden- tials credentials that have not been used for a period of time not to exceed six (6) months. iv. Cisco shall restrict access to program source code and associated items such as software object code, designs, specifications, verification plans, and validation plans, in order to prevent the introduction of unauthorized functionality and to avoid unintentional changes.