Maintain an Information Security Policy. Partner's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: ● Maintaining security policies and procedures, ● Secure development, operation and maintenance of software and systems, ● Security alert handling, ● Security incident response and escalation procedures, ● User account administration, ● Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005.
Appears in 5 contracts
Samples: resultsmedia.com, cubepile.com, mars.video
Maintain an Information Security Policy. Partner's ISMS is based on its security policies that are regularly reviewed (at least yearly) and maintained and disseminated to all relevant parties, including all personnel. Security policies and derived procedures clearly define information security responsibilities including responsibilities for: ● Maintaining security policies and procedures, ● Secure development, operation and maintenance of software and systems, ● Security alert handling, ● Security incident response and escalation procedures, ● User account administration, ● Monitoring and control of all systems as well as access to Personal Data. Personnel is screened prior to hire and trained (and tested) through a formal security awareness program upon hire and annually. For service providers with whom Personal Data is shared or that could affect the security of Personal Data a process has been set up that includes initial due diligence prior to engagement and regular (typically yearly) monitoring. Personal Data has implemented a risk-assessment process that is based on ISO 27005.
Appears in 1 contract
Samples: Affiliate Agreement