Common use of Infrastructure Security Personnel Clause in Contracts

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and responding to security incidents. Access Control and Privilege Management. Customer's administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised persons to access data they are authorised to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation during processing, use and xxxx recording. The systems are designed to detect any inappropriate access. Google employs a centralised access management system to control personnel access to production servers, and only provides access to a limited number of authorised personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates are designed to provide Google with secure and Lexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise the potential for unauthorised account use. The granting or modiccation of access rights is based on: the authorised personnel’s job responsibilities; job duty requirements necessary to peSorm authorised tasks; and a need to know basis. The granting or modiccation of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and suncient password strength.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and responding to security incidents. Access Control and Privilege Management. Customer's administrators ’s Administrators and users End Users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised authorized persons to access data they are authorised authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation authorization during processing, use and xxxx after recording. The systems are designed to detect any inappropriate access. Google employs a centralised centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorised authorized personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates utilizing SSH certificates are designed to provide Google with secure and Lexible flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise minimize the potential for unauthorised unauthorized account use. The granting or modiccation modification of access rights is based on: the authorised authorized personnel’s job responsibilities; job duty requirements necessary to peSorm authorised perform authorized tasks; and a need to know basis. The granting or modiccation modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and suncient sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens. • 3. Data. o (a) Data Storage, Isolation & Authentication. Google stores data in a multi-tenant environment on Google-owned servers. Data, the Services database and file system architecture are replicated between multiple geographically dispersed data centers. Google logically isolates data on a per End User basis at the application layer. Google logically isolates each Customer’s data, and logically separates each End User’s data from the data of other End Users, and data for an authenticated End User will not be displayed to another End User (unless the former End User or an Administrator allows the data to be shared). A central authentication system is used across all Services to increase uniform security of data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to End Users for specific purposes. Customer may choose to make use of certain logging capability that Google may make available via the Services, products and APIs. Customer agrees that its use of the APIs is subject to the API Terms of Use. Google agrees that changes to the APIs will not result in the degradation of the overall security of the Services.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and responding to security incidents. Access Control and Privilege Management. Customer's administrators ’s Administrators and users End Users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised authorized persons to access data they are authorised authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation authorization during processing, use and xxxx after recording. The systems are designed to detect any inappropriate access. Google employs a centralised centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorised authorized personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates utilizing SSH certificates are designed to provide Google with secure and Lexible flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise minimize the potential for unauthorised unauthorized account use. The granting or modiccation modification of access rights is based on: the authorised authorized personnel’s job responsibilities; job duty requirements necessary to peSorm authorised perform authorized tasks; and a need to know basis. The granting or modiccation modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and suncient sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.  3. Data. o (a) Data Storage, Isolation & Authentication. Google stores data in a multi-tenant environment on Google-owned servers. Data, the Services database and file system architecture are replicated between multiple geographically dispersed data centers. Google logically isolates data on a per End User basis at the application layer. Google logically isolates each Customer’s data, and logically separates each End User’s data from the data of other End Users, and data for an authenticated End User will not be displayed to another End User (unless the former End User or an Administrator allows the data to be shared). A central authentication system is used across all Services to increase uniform security of data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to End Users for specific purposes. Customer may choose to make use of certain logging capability that Google may make available via the Services, products and APIs. Customer agrees that its use of the APIs is subject to the API Terms of Use. Google agrees that changes to the APIs will not result in the degradation of the overall security of the Services.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and for responding to security incidents. Access Control and Privilege Management. Customer's ’s administrators and end users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised authorized persons to access data they are authorised authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation authorization during processing, use and xxxx after recording. The systems are designed to detect any inappropriate access. Google employs a centralised centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorised authorized personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates utilizing RSA keys are designed to provide Google with secure and Lexible flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration configuration information. Google requires the use of unique user IDs, strong passwords, ; two factor authentication and carefully monitored access lists to minimise minimize the potential for unauthorised unauthorized account use. The granting or modiccation modification of access rights is based on: the authorised authorized personnel’s job responsibilities; job duty requirements necessary to peSorm authorised perform authorized tasks; and a need to know basis. The granting or modiccation of access rights ; and must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and suncient sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Cloud Services, and responding to security incidents. Access Control and Privilege Management. Customer's ’s administrators and users must authenticate themselves via a central authentication system or via a single sign on system in order to use administer the Processor Cloud Services. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design designs its systems to: to (i) only allow authorised authorized persons to access data they are authorised authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation authorization during processing, use and xxxx after recording. The systems are designed to detect any inappropriate access. Google employs a centralised centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorised authorized personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates utilizing SSH certificates are designed to provide Google with secure and Lexible flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise minimize the potential for unauthorised unauthorized account use. The granting or modiccation modification of access rights is based on: the authorised authorized personnel’s job responsibilities; job duty requirements necessary to peSorm authorised perform authorized tasks; and a need to know basis. The granting or modiccation modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and suncient sufficient password strength. For access to extremely sensitive information (e.g. credit card data), Google uses hardware tokens.

Infrastructure Security Personnel. Google has, and maintains, a security policy for its personnel, and requires security training as pa0 part of the training package for its personnel. Google’s infrastructure security personnel are responsible for the ongoing monitoring of Google’s security infrastructure, the review of the Processor Services, and responding to security incidents. Access Control and Privilege Management. Customer's administrators ’s Administrators and users End Users must authenticate themselves via a central authentication system or via a single sign on system in order to use the Processor Services. Each application checks credentials in order to allow the display of data to an authorized End User or authorized Administrator. Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorised unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorised authorized persons to access data they are authorised authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorisation authorization during processing, use and xxxx after recording. The systems are designed to detect any inappropriate access. Google employs a centralised centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorised authorized personnel. LDAP, Kerberos and a proprietary system utilising digital ce0iccates utilizing SSH certificates are designed to provide Google with secure and Lexible flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and concguration configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimise minimize the potential for unauthorised unauthorized account use. The granting or modiccation modification of access rights is based on: the authorised authorized personnel’s job responsibilities; job duty requirements necessary to peSorm authorised perform authorized tasks; and a need to know basis. The granting or modiccation modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workLow workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and suncient sufficient password strength. For access to extremely sensitive information (e.g., credit card data), Google uses hardware tokens.  3. Data. o (a) Data Storage, Isolation & Authentication. Google stores data in a multi-tenant environment on Google-owned servers. Data, the Services database and file system architecture are replicated between multiple geographically dispersed data centers. Google logically isolates data on a per End User basis at the application layer. Google logically isolates each Customer’s data, and logically separates each End User’s data from the data of other End Users, and data for an authenticated End User will not be displayed to another End User (unless the former End User or an Administrator allows the data to be shared). A central authentication system is used across all Services to increase uniform security of data. Customer will be given control over specific data sharing policies. Those policies, in accordance with the functionality of the Services, will enable Customer to determine the product sharing settings applicable to End Users for specific purposes. Customer may choose to make use of certain logging capability that Google may make available via the Services, products and APIs. Customer agrees that its use of the APIs is subject to the API Terms of Use. Google agrees that changes to the APIs will not result in the degradation of the overall security of the Services.