Mobile and Cloud Technology Clause Samples
The Mobile and Cloud Technology clause defines the terms under which mobile applications and cloud-based services are used, accessed, or provided within the scope of an agreement. It typically outlines responsibilities regarding data storage, security, and access when utilizing cloud platforms or mobile devices, and may specify requirements for compatibility, updates, or support. This clause ensures that both parties understand their obligations and rights concerning the use of modern technology solutions, thereby reducing risks related to data breaches, service interruptions, or compliance issues.
Mobile and Cloud Technology. 7.1 Storing Experian data on mobile devices is prohibited. Any exceptions must be obtained from Experian in writing; additional security requirements will apply.
7.2 Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
7.3 Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
7.4 Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
7.5 Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Experian data to be exchanged between secured and non-secured applications on the mobile device.
7.6 In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Experian data via mobile applications (internally developed or using a third party application), ensure that multi-factor authentication and/or adaptive/risk- based authentication mechanisms are utilized to authenticate users to application.
7.7 When using cloud providers to access, transmit, store, or process Experian data ensure that: Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by Experian: 8. General o ISO 27001 o PCI DSS o EI3PA o SSAE 16 – SOC 2 or SOC3 o FISMA o CAI / CCM assessment
8.1 ACRAnet may from time to time audit the security mechanisms Company maintains to safeguard access to Experian information, systems and electronic communications. Audits may include examination of systems security and associated administrative practices
8.2 In cases where the Company is accessing Experian information and systems via third party software, the Company agrees to make available to ACRAnet upon request, audit trail information and management reports generated by the vendor software, regarding Company individual authorized user...
Mobile and Cloud Technology. Client will not store Credit Bureau Data on mobile devices. Any exceptions will be obtained from the specifically effected Credit Bureau. Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
a. Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
b. Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
c. Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Credit Bureau Data to be exchanged between secured and nonsecured applications on the mobile device.
d. In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Credit Bureau Data via mobile applications (internally developed or using a third-party application), ensure that multi-factor authentication and/or adaptive/ risk-based authentication mechanisms are utilized to authenticate users to application.
e. When using cloud providers to access, transmit, store, or process Credit Bureau Data ensure that:
1. Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
2. Cloud providers must have gone through independent audits and are compliant with one or more of the following standards, or a current equivalent as approved/recognized by the Credit Bureaus:
(i) ISO 27001 (ii) PCI DSS (iii) EI3PA (iv) SSAE16 – SOC2 or SOC 3 (v) FISMA
Mobile and Cloud Technology. 7.1 Storing Experian data on mobile devices is prohibited. Any exceptions must be obtained from Experian in writing; additional security requirements will apply.
7.2 Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
7.3 Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
7.4 Mobility solution server/system should be hardened in accordance with industry and vendor best practices such as Center for Internet Security (CIS) benchmarks, NIS, NSA, DISA and/or other.
7.5 Mobile applications and data shall be hosted on devices through a secure container separate from any personal applications and data. See details below. Under no circumstances is Experian data to be exchanged between secured and non-secured applications on the mobile device.
7.6 In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Experian data via mobile applications (internally developed or using a third party application), ensure that multi-factor authentication and/or adaptive/risk-based authentication mechanisms are utilized to authenticate users to application.
7.7 When using cloud providers to access, transmit, store, or process Experian data ensure that:
Mobile and Cloud Technology. 7.1 Storing RPS data on mobile devices is prohibited. Any exceptions must be obtained from RPS in writing; additional security requirements will apply.
7.2 Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
7.3 Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
7.4 When using cloud providers to access, transmit, store, or process RPS data ensure that: • Appropriate due diligence is conducted to maintain compliance with applicable laws and regulations and contractual obligations
Mobile and Cloud Technology a) Storing Enformion Products on mobile, cloud or portable devices and services is prohibited. Any exceptions must be obtained from Enformion in writing; additional security requirements will apply.
b) Mobile applications development must follow industry known secure software development standard practices such as OWASP and OWASP Mobile Security Project adhering to common controls and addressing top risks.
c) Mobile applications development processes must follow secure software assessment methodology which includes appropriate application security testing (for example: static, dynamic analysis, penetration testing) and ensuring vulnerabilities are remediated.
d) Under no circumstances are Enformion Products to be exchanged between secured and non-secured applications on the mobile device.
e) In case of non-consumer access, that is, commercial/business-to-business (B2B) users accessing Enformion Products via mobile applications (internally developed or using a third party application), ensure that multi-factor authentication mechanisms are utilized to authenticate users to application.