Information Security Program Requirements Clause Samples

Information Security Program Requirements. At minimum, Company’s Information Security Program shall incorporate policies and procedures consistent with then current industry standards for the following:
• Access Control (including the use of unique IDs and passwords for all users)
• Malware Prevention and Protection
• Patch and Vulnerability Management
• System Configuration and Hardening
• Logging of Security Events and Access to AHS Information
• Network Security and Firewall Management
• Security of Wireless Technology and Wireless Networks
• Application and Network Security Testing, as applicable
5. Personnel Security.
Information Security Program Requirements. Supplier is required to maintain an information security program that at minimum includes the following:
a) One or more designated qualified employees must be responsible to maintain the Supplier information security program.
b) Supplier must maintain written information security policies and standards that address all information security requirements contained in the Agreement(s); that are at minimum consistent in all material respects with the requirements of this Exhibit and with applicable Industry Standards; and that support the confidentiality, integrity and availability of Supplier systems, information and business operations and the confidentiality, integrity and availability of Verizon Sensitive Information and Confidential Information. In addition, such policies and standards must conform to all applicable data protection laws and regulations.
c) Supplier executive management must endorse information security policies and standards;
d) Supplier Staff must receive periodic training (at least annually) to understand Supplier’s security policies, and must acknowledge their adherence to Supplier’s security policies. Written certification of the periodic training and of the acknowledgement of information security policies by Supplier employees and permitted contractors must be maintained by Supplier for inspection by Verizon upon reasonable request.
e) Non-compliance with Supplier’s information security policies must result in meaningful discipline.
f) Supplier Information Security program must include periodic education and awareness messages to Supplier Staff that consist of relevant and timely information to sensitize such staff to the importance of security for Sensitive Information and Confidential Information, complying with applicable use requirements and limitations, the proper use of Supplier’s security systems, and the requirements of Supplier’s information security program.
g) Supplier must review its security measures on an ongoing basis, at least annually and whenever there is a material change in business practices that may implicate the security or integrity of records containing Sensitive Information. Such review will identify and assess reasonably foreseeable internal and external risks to the security, confidentiality and/or integrity of any electronic, paper or other records containing Sensitive Information.
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and Confidential
h) Supplier must regularly monit...