Internal Data Access Processes and Policies – Access Policy Sample Clauses

Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized persons and systems from gaining access to systems used to process Customer Data. Google designs its systems to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that Customer Data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Google’s authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g. login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g. credit card data), Google uses hardware tokens.
Sample 1See All (6)
AutoNDA by SimpleDocs
Internal Data Access Processes and Policies – Access Policy. Google employs a centralized access management system to control personnel access to Google production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a Google proprietary system utilizing RSA keys are designed to provide Google with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, Customer Data and configuration information. Google requires the use of unique user IDs, strong passwords; two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with Google’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication at Google (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., Credit Card data), Google uses hardware tokens.
Sample 1Sample 2Sample 3See All (4)
Internal Data Access Processes and Policies – Access Policy. Sightengine’s internal data access processes and policies are designed to prevent unauthorized persons or systems from getting access to system used to process personal data. Sightengine only provides access to a limited number of authorized personnel. Sightengine requires the use of SSH certificates, unique IDs, strong passwords, two factor authentication where applicable. Access to system is logged to provide an audit trail for accountability.
Sample 1Sample 2
Internal Data Access Processes and Policies – Access Policy. Google’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google aims to design its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google
Sample 1
Internal Data Access Processes and Policies – Access Policy. Algolia’s internal data access processes and policies are designed to prevent unauthorized persons or systems from getting access to system used to process personal data. These processes are audited by an independent auditor. Algolia employs a centralized access management system to control access to production systems and server, and only provides access to a limited number of authorized personnel. SSO, LDAP and SSH certificates are used to provide secure access mechanisms. Algolia requires the use of unique IDs, strong passwords and two factor authentication. Granting of access is guided by an internal policy. Access to system is logged to provide an audit trail for accountability.
Sample 1
Internal Data Access Processes and Policies – Access Policy. Provider’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Provider aims to design its systems to allow only authorized persons to access data they are authorized to access. Provider employs a centralized access management system to control access to production servers, and provides access to only authorized personnel. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with Provider’ internal data access policies and training.
Sample 1
Internal Data Access Processes and Policies – Access Policy. The Data Importer’s internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. The Data Importer designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The Data Importer employs centralized access management to control personnel access to production servers, and only provides access to a limited number of authorized personnel. The Data Importer requires the use of unique user IDs, strong passwords; two factor authentication (when available) and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with The Data Importer’s internal data access policies and training. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., credit card data), the Data Importer uses hardware tokens.
Sample 1
AutoNDA by SimpleDocs
Internal Data Access Processes and Policies – Access Policy. The Data Importer’s internal data handling processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. The Data Importer designs its systems to: (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. The Data Importer employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. LDAP, Kerberos and a proprietary system utilizing SSH certificates are designed to provide the Data Importer with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. The Data Importer requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with The Data Importer’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Sample 1
Internal Data Access Processes and Policies – Access Policy. Google's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Google designs its systems to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Google employs access management systems to control personnel access to production servers for the Services, and only provides access to a limited number of authorized personnel. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Google requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel's job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with internal data access policies and training. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.
Sample 1

Related to Internal Data Access Processes and Policies – Access Policy

  • REMOTE ACCESS SERVICES ADDENDUM The Custodian and each Fund agree to be bound by the terms of the Remote Access Services Addendum hereto.

  • Service Level Agreements If a Service or a Plan includes a Service Level Agreement (SLA): (a) we are liable for any remedy or rebate specified by the SLA; and (b) subject to clauses 40 to 42, and to the express terms of the SLA, our liability for breach of the SLA is limited to such remedy or rebate.

  • Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.

  • The Web Services E-Verify Employer Agent agrees to, consistent with applicable laws, regulations, and policies, commit sufficient personnel and resources to meet the requirements of this MOU.

  • Network Services Local Access Services In lieu of any other rates and discounts, Customer will pay fixed monthly recurring local loop charges ranging from $1,200 to $2,000 for TDM-based DS-3 Network Services Local Access Services at 2 CLLI codes mutually agreed upon by Customer and Company.

  • Data Access Access to Contract and State Data The Contractor shall provide to the Client Agency access to any data, as defined in Conn. Gen Stat. Sec. 4e-1, concerning the Contract and the Client Agency that are in the possession or control of the Contractor upon demand and shall provide the data to the Client Agency in a format prescribed by the Client Agency and the State Auditors of Public Accounts at no additional cost.

  • Data Access and Proprietary Information 6.1 The Fund acknowledges that the databases, computer programs, screen formats, report formats, interactive design techniques, and documentation manuals furnished to the Fund by the Transfer Agent as part of the Fund’s ability to access certain Fund Confidential Information maintained by the Transfer Agent on databases under the control and ownership of the Transfer Agent or other third party (“Data Access Services”) constitute copyrighted, trade secret, or other proprietary information of substantial value to the Transfer Agent or other third party (collectively, “Transfer Agent Proprietary Information”). In no event shall Transfer Agent Proprietary Information be deemed Fund Confidential Information. The Fund agrees to treat all Transfer Agent Proprietary Information as proprietary to the Transfer Agent and further agrees that it shall not divulge any Transfer Agent Proprietary Information to any person or organization except as may be provided hereunder. Without limiting the foregoing, the Fund agrees for itself and its employees and agents to: (a) Use such programs and databases (i) solely on the Fund’s computers or on computers of Federated Services Company or its affiliates (collectively, “Fund Computers”), or (ii) solely from equipment at the location agreed to between the Fund and the Transfer Agent and (iii) solely in accordance with the Transfer Agent’s applicable user documentation; (b) Refrain from copying or duplicating in any way (other than in the normal course of performing processing on the Fund Computers), the Transfer Agent Proprietary Information; (c) Refrain from obtaining unauthorized access to any portion of the Transfer Agent Proprietary Information, and if such access is inadvertently obtained, to inform Transfer Agent in a timely manner of such fact and dispose of such information in accordance with the Transfer Agent’s instructions; (d) Refrain from causing or allowing information transmitted from the Transfer Agent’s computer to the Fund’s terminal to be retransmitted to any other computer terminal or other device except as expressly permitted by the Transfer Agent (such permission not to be unreasonably withheld); (e) Allow the Fund to have access only to those authorized transactions as agreed to between the Fund and the Transfer Agent; and (f) Honor all reasonable written requests made by the Transfer Agent to protect at the Transfer Agent’s expense the rights of the Transfer Agent in the Transfer Agent Proprietary Information at common law, under federal copyright law and under other federal or state law. 6.2 The Fund shall take reasonable efforts to advise its employees of their obligations pursuant to this Section 6. The obligations of this Section shall survive any earlier termination of this Agreement. 6.3 If the Fund notifies the Transfer Agent that any of the Data Access Services do not operate in material compliance with the most recently issued user documentation for such services, the Transfer Agent shall use its best efforts in a timely manner to correct such failure. Organizations from which the Transfer Agent may obtain certain data included in the Data Access Services are solely responsible for the contents of such data and the Fund agrees to make no claim against the Transfer Agent arising out of the contents of such third-party data, including, but not limited to, the accuracy thereof; provided, however, that the Fund shall be entitled to insist that the Transfer Agent, and the Transfer Agent for the benefit of the Fund shall, enforce any and all rights under applicable contracts for the Data Access Services. SUBJECT TO THE FOREGOING OBLIGATIONS OF THE TRANSFER AGENT, DATA ACCESS SERVICES AND ALL COMPUTER PROGRAMS AND SOFTWARE SPECIFICATIONS USED IN CONNECTION THEREWITH ARE PROVIDED ON AN AS IS, AS AVAILABLE BASIS. EXCEPT AS OTHERWISE PROVIDED HEREIN TO THE CONTRARY, THE TRANSFER AGENT EXPRESSLY DISCLAIMS ALL WARRANTIES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 6.4 If the transactions available to the Fund include the ability to originate Proper Instructions through electronic instructions to the Transfer Agent in order to: (i) effect the transfer or movement of cash or Shares; or (ii) transmit Shareholder information or other information, then in such event the Transfer Agent shall be entitled to rely on the validity and authenticity of such Proper Instructions without undertaking any further inquiry as long as such Proper Instruction is undertaken in conformity with applicable security procedures.

  • Customer Notification By executing this Agreement, the Advisor acknowledges that as required by the Advisers Act the Sub-Advisor has supplied to the Advisor and the Trust copies of the Sub-Advisor’s Form ADV with all exhibits and attachments (including the Sub-Advisor’s statement of financial condition) and will promptly supply to the Advisor copies of all amendments or restatements of such document. Otherwise, the Advisor’s rights under federal law allow termination of this contract without penalty within five business days after entering into this contract. U.S. law also requires the Sub-Advisor to obtain, verify, and record information that identifies each person or entity that opens an account. The Sub-Advisor will ask for the Trust’s legal name, principal place of business address, and Taxpayer Identification or other identification number, and may ask for other identifying information.

  • Proposed Policies and Procedures Regarding New Online Content and Functionality By October 31, 2017, the School will submit to OCR for its review and approval proposed policies and procedures (“the Plan for New Content”) to ensure that all new, newly-added, or modified online content and functionality will be accessible to people with disabilities as measured by conformance to the Benchmarks for Measuring Accessibility set forth above, except where doing so would impose a fundamental alteration or undue burden. a) When fundamental alteration or undue burden defenses apply, the Plan for New Content will require the School to provide equally effective alternative access. The Plan for New Content will require the School, in providing equally effective alternate access, to take any actions that do not result in a fundamental alteration or undue financial and administrative burdens, but nevertheless ensure that, to the maximum extent possible, individuals with disabilities receive the same benefits or services as their nondisabled peers. To provide equally effective alternate access, alternates are not required to produce the identical result or level of achievement for persons with and without disabilities, but must afford persons with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement, in the most integrated setting appropriate to the person’s needs. b) The Plan for New Content must include sufficient quality assurance procedures, backed by adequate personnel and financial resources, for full implementation. This provision also applies to the School’s online content and functionality developed by, maintained by, or offered through a third-party vendor or by using open sources. c) Within thirty (30) days of receiving OCR’s approval of the Plan for New Content, the School will officially adopt, and fully implement the amended policies and procedures.

  • Changes to Privacy Policy Agreement Passive Plus, Inc. reserves the right to update and/or change the terms of our privacy policy, and as such we will post those change to our website homepage at xxx.xxxxxxxxxxx.xxx, so that our users and/or visitors are always aware of the type of information we collect, how it will be used, and under what circumstances, if any, we may disclose such information. If at any point in time Passive Plus, Inc. decides to make use of any personally identifiable information on file, in a manner vastly different from that which was stated when this information was initially collected, the user or users shall be promptly notified by email. Users at that time shall have the option as to whether or not to permit the use of their information in this separate manner.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!