Authorization and Access. Licensor’s access controls must enforce least privilege, separation of duties, and role-based security as defined in NIST. Licensor shall also ensure prompt deprovisioning of resources.
Authorization and Access. Provider’s access controls must enforce the following information technology security best practices with respect to its services:
Authorization and Access. Client agrees to designate a System Administrator authorized to access the Business Express Services. Designation of the System Administrator may be amended or revoked from time to time upon notice to Bank. Bank shall have a reasonable time to act on such notice. Based on the Service selected, System Administrator may assign Security Credentials and the individual authority level of Authorized Representatives (defined below). Client recognizes and agrees that anyone with knowledge of Security Credentials utilized 109239.000013 4817-3640-3893.8 by Client will be able to access the Service and conduct transactions on behalf of Client. Client represents to Bank that the System Administrator has full authority on behalf of Client to: • designate individuals who will have authority to access Business Express Service on behalf of Client (“Authorized Representatives”), establish their permission rights and otherwise act on Client’s behalf in connection with Business Express Service; • assign user IDs and user passwords to Authorized Representatives for access to Business Express Service; and • accept on Client’s behalf all Service Documentation and other documents and correspondence relating to Business Express Service. The System Administrator will assign user ID’s and user passwords to Authorized Representatives; Bank has no control over the establishment of Authorized Representatives or additional users. If Client has subsidiaries or affiliates with separate Accounts, Bank may, in its discretion, treat each such entity as a separate entity for all security and set up procedures, including the assignment of a separate Client ID and Client password. Bank may also allow common Authorized Representatives’ IDs and Representatives’ passwords and common Security Procedures for all entities for which a particular Authorized Representative is authorized to act. Bank recommends against the use of common user IDs and user passwords. In the event that Client allows its Security Procedures to be used by any affiliate or other entity, Client agrees to be fully liable for any Payment Order or other instructions originated using Client’s Security Procedures. Client also agrees to be fully liable in the event that Client’s Security Procedures are established to allow access and conduct transactions, including Payment Orders, on the accounts at Bank for any third party. Client understands that the use of identification data and, where applicable, Security Credentials is the “Se...
Authorization and Access
