Common use of Implement Strong Access Control Measures Clause in Contracts

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 You must request your Subscriber Code password be changed immediately when: • any system access software is replaced by another system access software or is no longer used; • the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 Keep user passwords Confidential. 1.8 Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Restrict the number of key personnel who have access to credit information. 1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 You must request your Subscriber Code password be changed immediately when: • any system access software is replaced by another system access software or is no longer used; • the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 Keep user passwords Confidential. 1.8 Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Restrict the number of key personnel who have access to credit information. 1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 You must request your Subscriber Code password be changed immediately when: •  any system access software is replaced by another system access software or is no longer used; •  the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 Keep user passwords Confidential. 1.8 Develop strong passwords that are: •  Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) •  Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Restrict the number of key personnel who have access to credit information. 1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 . Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 . You must request your Subscriber Code password be changed immediately when: • any Any system access software is replaced by another system access software or of is no longer used; • the The hardware on which the software resides is upgraded, changed or disposed of 1.4 of Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 . Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 . Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 . Keep user passwords Confidential. 1.8 . Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 accounts Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 . Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 . Restrict the number of key personnel who have access to credit information. 1.12 . Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 . Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 . Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 . After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 . Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber CLIENT understands and agrees that they must implement strong access control measures to protect sensitive information. These measures include: ● Not providing CLIENT Identification Codes (CIC’s) or passwords to anyone. No one from the credit reporting agency Sapphire Check LLC will ever contact you and request your Subscriber Code number a CIC or password. 1.2 . ● Proprietary or third party system access software must have credit reporting agency Subscriber Codes CIC’s and password(s) passwords hidden or embedded. Account numbers ● CIC and passwords password control and management should be known only by supervisory personnel. 1.3 maintained at the management level. ● You must request your Subscriber Code any CIC or password be changed immediately when: • when any system access software is replaced by another system access software or is no longer used; • used; the hardware on which the software resides is upgraded, changed or disposed of 1.4 . ● Protect credit reporting agency Subscriber Code(s) your CIC’s and password(s) password so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) CIC’s and password(s). 1.5 . ● Create a separate, unique user ID CIC’s for each user USER to enable individual authentication and accountability for access to the credit reporting agencySapphire Check LLC’s infrastructure. Each user CLIENT of the system access software must also have a unique logon password. 1.6 . ● Ensure that user IDs CIC’s and Passwords are not shared and that no Peer-to-Peer peer­to­peer file sharing is enabled on those users’ USER’S profiles. 1.7 . ● Keep user passwords Confidential. 1.8 CIC’s and Passwords confidential. ● Develop strong passwords that are: • Not are not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain ). They should contain a minimum of seven (7) alpha/numeric characters for standard user USER accounts 1.9 . ● Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 . ● Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 . ● Restrict the number of key personnel who have access to credit information. 1.12 . ● Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 . ● Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 . ● Implement a process to terminate access rights immediately for users USERS’s who access credit reporting agency credit Sapphire Check LLC’s information when those users USERS’s are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 . ● After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 . ● Implement physical security controls to prevent Sapphire Check LLC unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 (A) Do not provide your credit reporting agency Subscriber Alliance 2020, Inc. Subscriber/End-User Codes or passwords to anyone. No one from the credit reporting agency Alliance 2020, Inc. will ever contact you and request your Subscriber Subscriber/End-User Code number or password. 1.2 (B) Proprietary or third party system access software must have credit reporting agency Subscriber Alliance 2020, Inc. Subscriber/End-User Codes and password(s) hidden or embeddedhidden. Account numbers and passwords should be known only by supervisory personnel. 1.3 (C) You must request your Subscriber Subscriber/End-User Code password be changed immediately when: • any Any system access software is replaced by another system access software or is no longer usedus e d ; • the The hardware on which the software resides is upgraded, changed or disposed ofdisposed. 1.4 (D) Protect credit reporting agency Subscriber Alliance 2020, Inc. Subscriber/End-User Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of know your Subscriber Subscriber/End-User Code(s) and password(s). 1.5 (E) Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agencyAlliance 2020, Inc.’s infrastructure. Each user of the system access software must also have a unique logon passwordpas s w o rd . 1.6 (F) Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 (G) Keep user passwords Confidentialconfidential. 1.8 (H) Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 (I) Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 (J) Active logins to credit information systems must be configured with a 30 30-minute inactive session, session timeout. 1.11 (K) Restrict the number of key personnel who have access to credit informationin fo rm a tio n . 1.12 (L) Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application.. 7/11 Alliance 2020, Inc. Prop rie tary 1.13 (M) Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purposepu rpo s e . 1.14 (N) Implement a process to terminate access rights immediately for users who access credit reporting agency Alliance 2020, Inc. credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 (O) After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 (P) Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 You must request your Subscriber Code password be changed immediately when: •  any system access software is replaced by another system access software or is no longer used; •  the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 Keep user passwords Confidentialconfidential. 1.8 Develop strong passwords that are: •  Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) •  Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Take all necessary measures to prevent unauthorized ordering of or access to the Credit Information Services by any person other than an authorized user for permissible purposes, including, without limitation, limiting the knowledge of the End-User security codes, member numbers, User IDs, and any passwords End-User may use, to those individuals with a need to know, changing End-User’s user passwords at least every ninety (90) days, or sooner if an authorized user is no longer responsible for accessing the Credit Information Services, or if End-User suspects an unauthorized person has learned the password, and using all security features in the software and hardware End-User uses to order or access the Credit Information Services 1.12 Restrict the number of key personnel who have access to credit information. 1.12 1.13 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 1.14 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 1.15 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 1.16 After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 1.17 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.

Implement Strong Access Control Measures. 1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. 1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. 1.3 You must request your Subscriber Code password be changed immediately when: •  any system access software is replaced by another system access software or is no longer used; •  the hardware on which the software resides is upgraded, changed or disposed of 1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). 1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password. 1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles. 1.7 Keep user passwords Confidential. 1.8 Develop strong passwords that are: •  Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) •  Contain a minimum of seven (7) alpha/numeric characters for standard user accounts 1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. 1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. 1.11 Restrict the number of key personnel who have access to credit information. 1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. 1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. 1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. 1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information. 1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.