IT Security Management Clause Samples

IT Security Management. 20.5.1 FDT performs IT Security Management for FDT IT Services on behalf of FME in order to enable and maintain a secure IT environment. In general, both Parties maintain an IT security framework. FDT implements the defined technical security measures on behalf of FME and assures Service delivery in line with FME’s IT security guidelines. IT security processes are performed by FDT in the areas where FDT is providing FDT IT Services. 20.5.2 This includes but is not limited to antivirus and data encryption. FDT IT Security Management covers all Systems and Services provided by FDT if not otherwise agreed between the Parties in an Individual TSA. 20.5.3 The collaboration of FDT and FME related to IT Security Management happens as follow: Operational level: FDT provides security support for FME through the proactive analysis and management of security advisories. A security advisory is a notification about a potential or existing security gap which is currently provided to FDT by third-party. These security advisories are monitored and categorized on a regular basis and if necessary appropriate actions are performed in order to maintain a secure IT environment for FME. FDT’s Service Desk involves the respective technical support teams as necessary in case of Incidents until the completion of the Migration of the Service Desk.

IT Security Management. Service Provider shall conform to STC Customer security guidelines, including the procedures in Attachment A-4 - Policies, Procedures and Standards, that are in the Service Management Manual so that the security goals are met and all Service Provider Personnel are aware of the risks associated with breaches of security standards. Service Provider will also cooperate with STC Customer in connection with any security audits by sharing requested information and providing access to technical infrastructure. The following list further identifies the security management Services that Service Provider will perform. 1. Assist in developing security standards, policies and procedures including industry best practices with DCS Customer and MSI. 2. Adhere to the Service Management Manual security requirements, standards, procedures and policies including regulatory requirements. 3. Recommend security improvements based upon current security trends, threats, common exploits, prior experiences, and best practices. 4. Provide a security assessment group to conduct assessments, per an identified schedule, in accordance with STC Customer and Service Provider security policies. 5. Provide security plan based on security requirements, standards, procedures, policies, STC Customer federal, state, and local requirements and risks. 6. Report security violations to STC Customer per STC Customer policies. 7. Review all security patches relevant to STC Customer’s environment and classify the need and speed in which the security patches should be installed as defined by security policies. 8. If applicable, in the development environment and as approved by STC Customer, install security patches per Change management process and procedures at Service Provider Site(s). 9. Maintain all documentation required for security assessments, audits and internal control and control testing in the STC Customer repository. 10. Place and support systems with particularly sensitive data in controlled access areas. 11. Limit access to data to authorized Service Provider personnel only. 12. Allow and cooperate with third-party security audits. 13. Participate in STC Customer (MSI) security training. 14. Implement a security awareness program that supports Project Services. 15. As requested, attend Security Management and Risk Management meetings. 16. All Service Provider personnel must have received a CJIS-compliant security Clearance, in accordance with the Agreement and the Service Management Manu...

IT Security Management. The Quoter shall detail how it will ensure security management and access control methodology for all environments.