Common use of Infrastructure Protection Clause in Contracts

Infrastructure Protection. Notified shall maintain industry standard procedures to protect Notified Processing Resources, including, at a minimum: i. Formal security programs (policies, standards, processes, etc.); ii. Processes for becoming aware of, and maintaining, security patches and fixes; iii. Router filters, firewalls, and other mechanisms to restrict access to the Notified Processing Resources, including without limitation, all local site networks which may be accessed via the Internet (whether or not such sites transmit information); iv. Resources used for mobile access to Customer Information Systems shall be protected against attack and penetration through the use of firewalls; and v. Processes to prevent, detect, and eradicate malicious code (e.g., viruses, etc.) and to notify Customer of instances of malicious code detected on Notified Processing Resources impacting Customer Information.

Infrastructure Protection. Notified Provider shall maintain industry standard procedures to protect Notified Provider Processing Resources, including, at a minimum: i. (a) Formal security programs (policies, standards, processes, etc.); ii. (b) Processes for becoming aware of, and maintaining, security patches and fixes; iii. (c) Router filters, firewalls, and other mechanisms to restrict access to the Notified Provider Processing Resources, including without limitation, all local site networks which may be accessed via the Internet (whether or not such sites transmit information); iv. (d) Resources used for mobile access to Customer United Information Systems shall be protected against attack and penetration through the use of firewalls; and v. (e) Processes to prevent, detect, and eradicate malicious code (e.g., viruses, etc.) and to notify Customer United of instances of malicious code detected on Notified Provider Processing Resources impacting Customer or affecting United Information.

Infrastructure Protection. Notified Data Center shall maintain industry standard procedures to protect Notified Processing Resourcesthe Sensitive Information, including, at a minimum: i. (i) Formal security programs (policies, standards, processes, etc.); (ii. ) Processes for becoming aware of, and maintaining, security patches and fixes; (iii. ) Router filters, firewalls, and other mechanisms to restrict access to the Notified Processing ResourcesData Center systems, including without limitation, all local site networks which may be accessed via the Internet (whether or not such sites transmit information); (iv. ) Resources used for mobile access to Customer Information Systems Data Center systems shall be protected against attack and penetration through the use of firewalls; and v. (v) Processes to prevent, detect, and eradicate malicious code (e.g., viruses, etc.) and to notify Customer Researcher of instances of malicious code detected on Notified Processing Resources impacting Customer Data Center systems or affecting Sensitive Information.

Infrastructure Protection. Notified Vendor shall maintain industry standard procedures to protect Notified Vendor Processing Resources, including, at a minimum: i. (a) Formal security programs (policies, standards, processes, etc.); ii. (b) Processes for becoming aware of, and maintainingmaintain, security patches and fixes; iii. (c) Router filters, firewalls, and other mechanisms to restrict access to the Notified Vendor Processing Resources, including without limitation, all local site networks which may be accessed via the Internet (whether or not such sites transmit information); iv. (d) Resources used for mobile access to Customer United Information Systems shall be protected against attack and penetration through the use of firewalls; and v. (e) Processes to prevent, detect, and eradicate malicious code (e.g., viruses, etc.) and to notify Customer United of instances of malicious code detected on Notified Vendor Processing Resources impacting Customer or affecting that are reasonably likely to affect United Information.