Logical Access Controls. Trane employs internal monitoring and logging technology to help detect and prevent unauthorized access attempts to Trane’s corporate networks and production systems. Trane’s monitoring includes a review of changes affecting systems’ handling authentication, authorization, and auditing, and privileged access to Trane production systems. Xxxxx uses the principle of “least privilege” (meaning access denied unless specifically granted) for access to customer data.
Logical Access Controls. 3.1 Authentication and authorization controls are appropriately robust for the specific levels of risk to the applicable information, data, application, and platform.
3.2 Wherever possible, multi-factor authentication (MFA) is enforced, with FIDO2 protocol being the preferred mechanism, followed by TOTP.
3.3 Access rights are monitored to ensure access adheres to the ‘least privilege’ principle commensurate with the user’s job responsibilities, logs all access and security events, and uses software that enables rapid analysis of user activities.
3.4 User access reviews are performed on a scheduled basis for each application, database, or system housing CyberGRX data to confirm access and privilege levels.
3.5 Procedures are documented for the timely onboarding and off-boarding of users who have joined, left, or changed roles within CyberGRX.
3.6 Remote control of desktop is restricted to a specific role (e.g., helpdesk admin) and remote control is not permitted unless and until the end user gives permission.
3.7 A documented password policy covers all applicable systems, applications, and databases.
3.8 Authorizations must be linked to a unique user ID and account. This excludes the use of group IDs/passwords used by multiple people, with limited exceptions where necessary.
Logical Access Controls. Tanium employs the principles of least privilege and need-to-know to control access to Confidential Information and Customer Data. User access privileges are restricted based on business need and job responsibilities, allowing only the minimum necessary access for users to accomplish their job function. User access is revoked upon termination of employment or termination of relevant job duties, and owners of critical applications or systems are required to perform periodic privileged access reviews to ensure access is still required to perform current job duties. In addition, Tanium protects against unauthorized access by ensuring unique user IDs and passwords are in use. Tanium appropriately manages passwords, including enforcing password complexity by (a) requiring a password length of no less than 8 characters, (b) utilizing expiring first-time log-in temporary passwords,
Logical Access Controls. Abnormal will take reasonable measures that are designed to ensure appropriate user authentication for Personnel with access to Customer Data, including without limitation, by assigning each Personnel unique authentication credentials for accessing any system on which Customer Data is processed and prohibiting Personnel from sharing their authentication credentials. Abnormal will restrict access to Customer Data solely to those Personnel who need access to Customer Data to perform Abnormal’s obligations under the Agreement. Further, Abnormal will take reasonable measures to implement and maintain logging and monitoring technologies designed to help detect and prevent unauthorized access to its networks, servers, and applications, including but not limited to those that process Customer Data. Abnormal will conduct periodic reviews of systems that process Customer Data to verify the identities of individuals who access and have privileged access to systems to help detect and prevent unauthorized access to its network, servers, and applications and verify that all changes to its authentication systems were authorized and correct. Abnormal has implemented and will maintain procedures and policies that are designed to ensure that, upon termination of any Personnel, the terminated user’s access to any Customer Data on Abnormal systems will be promptly revoked, and in all cases, revocation will occur no later than twenty-four (24) hours following such termination.
Logical Access Controls. (a) Intercom assigns a unique ID to each employee and leverages an Identity Provider to manage access to systems processing Customer Data.
(b) All access to systems processing Customer Data is protected by Multi Factor Authentication (MFA).
(c) Intercom restricts access to Customer Data to only those people with a “need-to-know” for a Permitted Purpose and following least privileges principles.
(d) Intercom regularly reviews at least every 180 days the list of people and systems with access to Customer Data and removes accounts upon termination of employment or a change in job status that results in employees no longer requiring access to Customer Data.
(e) Intercom mandates and ensures the use of system-enforced “strong passwords” in accordance with the best practices (described below) on all systems hosting, storing, processing, or that have or control access to Customer Data and will require that all passwords and access credentials are kept confidential and not shared among personnel.
1. Password best practices implemented by Intercom’s Identity Provider. Passwords must meet the following criteria:
a. contain at least 10 characters;
b. must contain lowercase and uppercase letters, numbers and a special character;
c. cannot be part of a vendor-provided list of common passwords.
(f) Intercom maintains and enforces “account lockout” by disabling accounts with access to Customer Data when an account exceeds more than ten (10) consecutive incorrect password attempts.
(g) Intercom does not operate any internal corporate network. All access to Intercom resources is protected by strong passwords and MFA.
(h) Intercom monitors their production systems and implements and maintains security controls and procedures designed to prevent, detect and respond to identified threats and risks.
(i) Strict privacy controls exist in the application code that are designed to ensure data privacy and to prevent one customer from accessing another customer’s data (i.e., logical separation).
Logical Access Controls. 11.1 Access to Moorepay systems used in the provision of the Services will be granted and revoked in accordance with Logical Access Management Policy, as defined in the Moorepay Security Policy Handbook.
11.2 Passwords allocated will conform to industry standards and align with Password Management Standard in the Moorepay Policy Handbook.
11.3 Authentication and login to Moorepay systems used in the provision of the Services will follow good industry practice.
11.4 System privileges in relation to user IDs will be reviewed regularly in line with controls defined for Moorepay compliance standards and certifications.
11.5 Recording of access and security incidents will be enforced based on good practices and applicable legal requirements.
11.6 Privileged user access, such as system administrators, will be strictly controlled.
Logical Access Controls. Access to Mosaic Data by the Supplier and Supplier Parties in support of the services provided to Mosaic by the Supplier shall remain restricted on a “Need to Know” basis. When required, access will be granted based on the Least Privilege necessary to perform required business function on behalf of or in support of services provided by the Supplier. At no time shall Mosaic Data be accessible by or available to any third party except where explicit written consent is provided to the Supplier by Xxxxxx. The Supplier shall maintain logical access controls no less than industry standard for the nature of the services provided by the Supplier and appropriate for the legal requirements for the protection of Mosaic Data hosted, maintained, processed or otherwise accessed by the Supplier and Supplier Parties.
Logical Access Controls. All Nuance systems and personal computers are subject to access controls including at least username and password that must meet password complexity requirements and automatic logoff requirements. Data Access Controls: Access to Nuance systems storing Personal Data is granted on a need-to-know basis and is subject to administrator approval. Data at rest is protected either by encryption or compensating security controls, which include segmented networks, tiered architecture, firewalls with intrusion protection and anti-malware protections, and limiting of port access.
Logical Access Controls. Data Importer shall employ effective logical access control measures over all systems used to access, create, transmit, or process personal data, including but not limited to:
a) User authentication must use unique identifiers (“User ID’s”) consistent with individual accountability and a complex password.
b) Prohibition of clear-text credentials must be enforced.
c) User access rights/privileges to information resources containing personal data must be granted on a need-to-know basis consistent with role-based authorization.
d) User access must be removed immediately upon user separation or role transfer eliminating valid business need for continued access.
e) Default passwords and security parameters must be changed in third-party products/applications used to support personal data and systems for the performance of the Solutions under the Master Solutions Agreement (the “Agreement”).
f) Two-factor authentication shall be used to secure all remote administrative access.
Logical Access Controls. Data Importer shall employ effective logical access control measures over all systems used to access, create, transmit, or process personal data, including but not limited to:
a) User authentication must use unique identifiers (“User ID’s”) consistent with individual accountability and a complex password.
b) Prohibition of clear-text credentials must be enforced.
c) User access rights/privileges to information resources containing personal data must be granted on a need-to-know basis consistent with role-based authorization.
d) User access must be removed immediately upon user separation or role transfer eliminating valid business need for continued access.
e) Two-factor authentication shall be used to secure all remote administrative access.