Contractor Hosted Data. If Contractor hosts Protected University Data in or on Contractor or subcontractor facilities, the following additional clauses apply. A. Computers that host Protected University Data shall be housed in secure areas that have adequate walls and entry control such as a card-controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter, and visitor entry will be strictly controlled. B. Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements. C. Contractor shall backup systems or media stored at a separate location with regular scheduled incremental and full back-ups with sufficient retention of backup files to restore data. Contractor shall test restore procedures not less than once per year. D. Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention. E. Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-repudiation of the transaction while crossing networks. F. Contractor shall require strong passwords for any user accessing Protected University Data. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character. G. The installation or modification of software on systems containing Protected University Data shall be subject to formal change management procedures and segregation of duties requirements. H. Contractor who hosts Protected University Data shall engage an independent third-party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request.
Appears in 8 contracts
Samples: Master Agreement, Master Agreement, Master Agreement
Contractor Hosted Data. If Contractor hosts Protected University Data in or on Contractor or subcontractor facilities, the following additional clauses apply.
A. . Computers that host Protected University Data shall be housed in secure areas that have adequate walls and entry control such as a card-controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter, and visitor entry will be strictly controlled.
B. . Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements.
C. . Contractor shall backup systems or media stored at a separate location with regular scheduled incremental and full back-ups with sufficient retention of backup files to restore data. Contractor shall test restore procedures not less than once per year.
D. . Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention.
E. . Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-repudiation of the transaction while crossing networks.
F. . Contractor shall require strong passwords for any user accessing Protected University Data. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character.
G. . The installation or modification of software on systems containing Protected University Data shall be subject to formal change management procedures and segregation of duties requirements.
H. . Contractor who hosts Protected University Data shall engage an independent third-party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request.
Appears in 8 contracts
Samples: Master Agreement, Master Agreement, Master Agreement
Contractor Hosted Data. If Contractor hosts Protected University Data in or on Contractor or subcontractor facilities, the following additional clauses apply.
A. Computers that host Protected University Data shall be housed in secure areas that have adequate walls and entry control such as a card-controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter, and visitor entry will be strictly controlled.
B. Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements.
C. Contractor shall backup systems or media stored at a separate location with regular scheduled incremental and full back-ups with sufficient retention of backup files to restore data. Contractor shall test restore procedures not less than once per year.
D. Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention.
E. Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-repudiation of the transaction while crossing networks.
F. Contractor shall require strong passwords for any user accessing Protected University Data. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character.
G. The installation or modification of software on systems containing Protected University Data shall be subject to formal change management procedures and segregation of duties requirements.
H. Contractor who hosts Protected University Data shall engage an independent third-third- party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request.
Appears in 3 contracts
Samples: On Call Services Master Agreement, Contract for Purchase of Products, On Call Services Master Agreement
Contractor Hosted Data. If Contractor hosts Protected University Data in or on Contractor or subcontractor facilities, the following additional clauses apply.
A. Computers that host Protected University Data shall be housed in secure areas that have adequate walls and entry control such as a card-controlled entry or staffed reception desk. Only authorized personnel shall be allowed to enter, and visitor entry will be strictly controlled.
B. Contractor shall design and apply physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disasters. Contractor shall protect hosted systems with Uninterruptible Power Supply (UPS) devices sufficient to meet business continuity requirements.
C. Contractor shall backup systems or media stored at a separate location with regular scheduled incremental and full back-ups with sufficient retention of backup files to restore data. Contractor shall test restore procedures not less than once per year.
D. Contractor shall provide for reasonable and adequate protection on its network and system to include firewall and intrusion detection/prevention.
E. Contractor shall use strong encryption and certificate-based authentication on any server hosting on-line and e-commerce transactions with the University to ensure the confidentiality and non-non- repudiation of the transaction while crossing networks.
F. Contractor shall require strong passwords for any user accessing Protected University Data. Strong passwords shall be at least eight characters long; contain at least one upper and one lower case alphabetic characters; and contain at least one numeric or special character.
G. The installation or modification of software on systems containing Protected University Data shall be subject to formal change management procedures and segregation of duties requirements.
H. Contractor who hosts Protected University Data shall engage an independent third-party auditor to evaluate the information security controls not less than every two (2) years. Such evaluations shall be made available to the University upon request.
Appears in 1 contract
Samples: Contract for Services