Logical Security Administration. Service Provider’s responsibilities include:
1. Establish and maintain mechanisms to safeguard against the unauthorized access, destruction, loss, or alteration of DIR and DIR Customers’ data. Service Provider will implement safeguards that are no less rigorous than the practices performed by DIR and DIR Customers as of the Commencement Date.
2. Manage and administer access to Service Provider-operated systems, networks, Software, and DIR and DIR Customers data, to include the following:
2.1. Upon request provide DIR IT Security full administrative rights related to systems regarding the Services, including full access to audit trails and logs.
2.2. DIR and DIR Customers will retain authority for approval of all data and system access requirements.
2.3. DIR and DIR Customers will notify Service Provider regarding the entities and personnel to be granted access to Service Provider-operated systems and the level of security access granted to each.
2.4. Follow DIR’s and DIR Customers’ instructions and the procedures regarding such access as designated by DIR or DIR Customers.
2.5. Ensure that the comprehensive database of security clearances and access rights is maintained and tracking all the logical access rights of Service Provider personnel to systems associated with providing the Services.
3. Review all documented information security procedures with DIR pertaining to Service Provider-operated systems.
4. Comply with DIR policies on privacy protection and protective security for data, including security, data and records management, and electronic records and data archiving.
5. Conform to the requirements in accordance with government guidelines and DIR and DIR Customer security policies.
6. Assist in the development, testing and utilization of an action plan and escalation procedures for any potential or real security breaches and report any potential or real security breaches to DIR or DIR Customers per the plan.
7. Monitor users of the systems and Services for authorized access, and monitor, review, and respond in an appropriate manner to access violations within designated timeframes.
8. Document and identify security risks associated with the Services, and in support of Risk Management.
9. Notify DIR and DIR Customer in the event of a security violation or unauthorized attempt to access or alter DIR or DIR Customer data, where the notification and escalation is made according to security policy guidelines and procedures.
10. Conduct semi-annual reviews, as appropriate, to validate that individual employee access to programs and libraries is appropriate for Service Provider-operated systems. And provide reports to DIR and DIR Customers.
11. Provide reports, on at least a weekly basis, to identify to DIR and DIR Customers those accounts that should be removed on systems for Service Provider-operated systems.
12. Capture data regarding routine access and exceptions for audit trail purposes, ensure that time stamps are synchronized with a common time source for event correlation and make such data available to DIR or DIR Customers upon request.
13. Perform security audits, provide Incident investigation support, and initiate corrective actions to minimize and prevent security breaches.
14. Provide reports on violation and access attempts, and retain documentation of the investigation.
Appears in 3 contracts
Samples: Master Services Agreement, Master Services Agreement, Master Services Agreement
Logical Security Administration. The goal of Logical Security Administration is to provide and maintain authorized access to IT data. Service Provider’s responsibilities include:
1. Establish and maintain mechanisms to safeguard against the unauthorized access, destruction, loss, or alteration of DIR and DIR Customers’ data. Service Provider will implement safeguards that are no less rigorous than the practices performed by DIR and DIR Customers as of the Commencement Date.
2. Manage and administer access to the Service Provider-operated systems, networks, Software, and DIR and DIR Customers data, to include the following:
2.1. Upon request provide DIR IT Security full administrative rights related to systems regarding the Services, including full access to audit trails and logs.
2.2. DIR and DIR Customers will retain authority for approval of all data and system access requirements.
2.3. DIR and DIR Customers will notify the Service Provider regarding the entities and personnel to be granted access to the Service Provider-operated systems and the level of security access granted to each.
2.4. Follow DIR’s and DIR Customers’ instructions and the procedures regarding such access as designated by DIR or DIR Customers.
2.5. Ensure that the comprehensive database of security clearances and access rights is maintained and tracking all the logical access rights of Service Provider personnel to systems associated with providing the Services.
3. Review all documented information security procedures with DIR pertaining to the Service Provider-operated systems.
4. Comply with DIR policies on privacy protection and protective security for data, including security, data and records management, and electronic records and data archiving.
5. Conform to the requirements in accordance with government guidelines and DIR and DIR Customer security policies.
6. Assist in the development, testing and utilization of an action plan and escalation procedures for any potential or real security breaches and report any potential or real security breaches to DIR or DIR Customers per the plan.
7. Monitor users of the systems and Services for authorized access, and monitor, review, and respond within designated timeframes and in an appropriate manner to access violations.
8. Document and identify security risks associated with the Services, and in support of Risk Management.
9. Notify DIR and DIR Customer in the event of a security violation or unauthorized attempt to access or alter DIR or DIR Customer data, where the notification and escalation is made according to security policy guidelines and procedures.
10. Conduct semi-annual reviews, as appropriate, to validate that individual employee access to programs and libraries is appropriate for Service Provider-operated systems. And provide reports to DIR and DIR Customers.
11. Provide reports, on at least a weekly basis, to identify to DIR and DIR Customers those accounts that should be removed on systems for Service Provider-operated systems.
12. Capture data regarding routine access and exceptions for audit trail purposes, ensure that time stamps are synchronized with a common time source for event correlation and make such data available to DIR or DIR Customers upon request.
13. Perform security audits, provide Incident investigation support, and initiate corrective actions to minimize and prevent security breaches.
14. Provide reports on violation and access attempts, and retain documentation of the investigation.
15. Having obtained DIR approval, install, update, and maintain Software that will provide security monitoring, alarming, and access-tracking functionality for Service Provider-operated systems and Software.
16. Provide security access control tools for data, Software, and networks in compliance with DIR security policies, standards and procedures; and maintain such security and access control devices in proper working order.
17. Develop, implement, and maintain a set of automated and manual processes designed to enforce DIR and DIR Customer’s data access and security policies and procedures.
18. In coordination with DIR IT Security, establish procedures, forms, and approval levels for assigning, resetting, and disabling IDs and passwords used for data or system access by Authorized Users.
18.1. Execute all related administration for user IDs and passwords.
18.2. Be responsible for all related administration for user IDs and passwords for Service Provider-operated systems.
18.3. Regularly review account activity and disable inactive accounts.
19. Communicate with Authorized Users regarding requests for system or data access, and coordinate with DIR IT Security, which authorizes access to all DIR data and systems as appropriate.
20. Run periodic reports to identify accounts that should be removed/disabled or unusual disk space usage of a particular Authorized User or group, and provide reports to DIR IT Security.
21. Coordinate system password changes and, subject to DIR’s approval, change and test all local passwords as required.
22. Perform backup and recovery procedures in response to security violations that result in lost/damaged information.
23. Respond to all security validation and audit requests from DIR and/or regulatory authorities.
24. Cooperate and assist with efforts by DIR, DIR Customers and/or representatives of DIR for security tests (e.g. validation efforts, audits, Third Party security tests, the annual Control Penetration Test).
25. Work together with DIR to change security in response to evolving requirements and changing technology and related processes.
26. Establish and maintain safeguards against the unauthorized access, destruction, loss, or alteration of DIR or DIR Customer data in the possession of the Service Provider, where the safeguards are at least as stringent as DIR policies.
27. Integrate Service Provider Logical Security Administration process with DIR’s, DIR Customers, other DCS Service Provider's, and Third Party Vendor(s)’ Logical Security Administration processes, where the processes interact.
Appears in 2 contracts
Samples: Data Center Services Service Component Provider Master Services Agreement, Master Services Agreement