Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Data Security. Supplier and its Representatives shall encrypt all Company Confidential Information in transmissions between Supplier and Company and between Supplier and all third parties (including its company’s Representatives). Encryption must utilize industry standard algorithms with a minimal key length of 128 bit. Access Control. Supplier shall, and shall maintain controls to, prohibit third parties (other than its Representatives, who, pursuant to the terms of the Agreement, are permitted access) from accessing Company Confidential Information. Supplier and its Representatives shall use authentication and authorization technologies for service, user and administrator level accounts in accordance with industry standard information security frameworks. Supplier shall ensure procedures exist for prompt modification or termination of access or rights in response to organizational changes. Supplier shall ensure procedures exist for provisioning accounts with privileged access rights (e.g., system administration privileges). Supplier shall periodically review the necessity of privileged access accounts. If Supplier requires remote access to Company Confidential Information, Supplier shall always use the Company-approved method of remote access that is specific to the Service being provided and the availability of appropriate remote access methods. Information Security Incident Management. Supplier shall establish and implement access and activity audit and logging procedures, including without limitation access attempts and privileged access. Supplier shall ensure security incident response planning and notification procedures exist (and Supplier implements) to monitor, react, notify and investigate any incident related to Company Confidential Information. Supplier shall, and shall cause its Representatives to, give notice to Company promptly, but in all events within 48 hours, after any actual or reasonably suspected unauthorized disclosure of, access to or other unauthorized disclosure verwerkt) voor het toepassen en beheren van beveiligingsupdates, - patches, -fixes, en -upgrades (gezamenlijk...
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems.
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Data Security. Supplier and its Representatives shall encrypt all Company Confidential Information in transmissions between Supplier and Company and between Supplier and all third parties (including its company’s Representatives). Encryption must utilize industry standard algorithms with a minimal key length of 128 bit. Access Control. Supplier shall, and shall maintain controls to, prohibit third parties (other than its Representatives, who, pursuant to the terms of the Agreement, are permitted access) from accessing Company Confidential Information. Supplier and its Representatives shall use authentication and authorization technologies for service, user and administrator level accounts in accordance with industry standard information security frameworks. Supplier shall ensure procedures exist for prompt modification or termination of access or rights in response to organizational changes. Supplier shall ensure procedures exist for provisioning accounts with privileged access rights (e.g., system administration privileges). Supplier shall periodically review the necessity of privileged access accounts. If per la Sicurezza Informatica. CONFORMITÀ ALLO STANDARD PER LA SICUREZZA INFORMATICA. Il Fornitore consentirà e ospiterà, con adeguato preavviso da parte della Società, una valutazione annuale on-site della sua conformità ad uno Standard di Settore per la Sicurezza Informatica, in sostituzione della presentazione di un certificato emesso xx xxxxx e attestante la sua conformità (e, per quanto applicabile, quella dei suoi Rappresentanti) ad uno Standard di Settore per la Sicurezza delle Informatica. Conformità ai termini di utilizzo. Il Fornitore e i suoi Rappresentanti, qualora e quando xxxxx collegati o impieghino Sistemi della Società, si atterranno a tutti i termini di utilizzo, agli standard e alle procedure applicabili della Società. Sicurezza fisica e ambientale. Il Fornitore archivierà le Informazioni Riservate della Società (e provvederà affinché i suoi rappresentanti facciano altrettanto) in luoghi al riparo xx xxxxxxxx naturali, furto, intrusione fisica, problemi di riscaldamento/raffr...
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Electrotechnical Commission („IEC“) ISO/IEC 27001 - Information technology – Security techniques – Information security management systems – Requirements (Internationale Organisation für Normung/Internationale Elektrotechnische Kommission ISO/IEC 27001 - Informationstechnologie – Sicherheitstechniken – Informationssicherheits-Managementsysteme – Anforderungen) American Institute of Certified Public Accountants („AICPA“), „Trust Services Principles, Criteria and Illustrations“ Information Security Forum („ISF“) Standards of Good Practice („SoGP“) for Information Security National Institute of Standards and Technology („NIST„) Special Publication 800- 53 - Security and Privacy Controls for Federal Information Systems and Organizations (Nationales Institut für Standards und Technologie, Sonderveröffentlichung 800-53 – Sicherheits- und Datenschutzkontrollen für Systeme und Organisationen von US-Bundesbehörden) Information Systems Audit and Control Association („ISACA“), COBIT (Control Objectives for Information and related Technology) Vor der Erfüllung seiner Pflichten aus dem Vertrag, die den Zugriff auf vertrauliche Informationen des Unternehmens, deren Verarbeitung, Speicherung auf Servern oder in Rechnerumgebungen oder andere Formen des Hostings voraussetzen, muss der Lieferant dem Unternehmen eine Zertifizierung seitens eines Dritten übergeben, die die Einhaltung eines geeigneten Informationssicherheitsstandards durch den Lieferanten (und gegebenenfalls durch seine Vertreter) bestätigt. EINHALTUNG EINES INFORMATIONSSICHERHEITSSTANDARDS. Der Lieferant gestattet und ermöglicht dem Unternehmen nach rechtzeitiger Benachrichtigung eine jährliche Bewertung und Bestätigung der Einhaltung eines Informationssicherheitsstandards durch den Lieferanten und (im relevanten Umfang) seiner Vertreter anstelle der Zertifizierung dieser Einhaltung eines Informationssicherheitsstandards durch einen Dritten. Einhaltung der Nutzungsbedingungen. Der Lieferant und seine Vertreter müssen alle einschlägigen Nutzungsbedingungen, Standards und Verfahren des Unternehmens befolgen, wenn sie mit einem Unternehmenssystem verbu...
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Data Security. Supplier and its Representatives shall encrypt all Company Confidential Information in transmissions between Supplier and Company and between Supplier and all third parties (including its company’s Representatives). Encryption must utilize industry standard algorithms with a minimal key length of 128 bit. Information Security National Institute of Standards and Technology („NIST„) Special Publication 800- 53 - Security and Privacy Controls for Federal Information Systems and Organizations (Nationales Institut für Standards und Technologie, Sonderveröffentlichung 800-53 – Sicherheits- und Datenschutzkontrollen für Systeme und Organisationen von US-Bundesbehörden) Information Systems Audit and Control Association („ISACA“), COBIT (Control Objectives for Information and related Technology) Vor der Erfüllung seiner Pflichten aus dem Vertrag, die den Zugriff auf vertrauliche Informationen des Unternehmens, deren Verarbeitung, Speicherung auf Servern oder in Rechnerumgebungen oder andere Formen des Hostings voraussetzen, muss der Lieferant dem Unternehmen eine Zertifizierung seitens eines Dritten übergeben, die die Einhaltung eines geeigneten Informationssicherheitsstandards durch den Lieferanten (und gegebenenfalls durch seine Vertreter) bestätigt. EINHALTUNG EINES INFORMATIONSSICHERHEITSSTANDARDS. Der Lieferant gestattet und ermöglicht dem Unternehmen nach rechtzeitiger Benachrichtigung eine jährliche Bewertung und Bestätigung der Einhaltung eines Informationssicherheitsstandards durch den Lieferanten und (im relevanten Umfang) seiner Vertreter anstelle der Zertifizierung dieser Einhaltung eines Informationssicherheitsstandards durch einen Dritten. Einhaltung der Nutzungsbedingungen. Der Lieferant und seine Vertreter müssen alle einschlägigen Nutzungsbedingungen, Standards und Verfahren des Unternehmens befolgen, wenn sie mit einem Unternehmenssystem verbunden sind oder ein Unternehmenssystem nutzen. Physische und Umgebungssicherheit. Der Lieferant speichert vertrauliche Informationen des Unternehmens an Xxxxx, die vor Naturkatastrophen, Diebstahl, physischem Eindringen, Heiz- oder Küh...
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Data Security. Supplier and its Representatives shall encrypt all Company Confidential Information in transmissions between Supplier and Company and between Supplier and all third parties (including its company’s Representatives). Encryption must utilize industry standard algorithms with a minimal key length of 128 bit. Access Control. Supplier shall, and shall maintain controls to, prohibit third parties (other than its Representatives, who, pursuant to the terms of the Agreement, are permitted access) from accessing Company Confidential Information. Supplier and its Representatives shall use authentication and authorization technologies for Πριν από την εκπλήρωση των υποχρεώσεών του βάσει της Συμφωνίας που απαιτεί πρόσβαση, επεξεργασία, αποθήκευση σε διακομιστές ή υπολογιστικό περιβάλλον ή άλλες μορφές φιλοξενίας των Εμπιστευτικών Πληροφοριών της Εταιρείας, ο Προμηθευτής οφείλει να παρέχει στην Εταιρεία πιστοποίηση τρίτου μέρους που επαληθεύει τη συμμόρφωσή του (και, στο βαθμό που ισχύει, των εκπροσώπων του) με ένα Βιομηχανικό Πρότυπο Ασφάλειας Πληροφοριών. ΣΥΜΜΟΡΦΩΣΗ ΜΕ ΤΟ ΠΡΟΤΥΠΟ ΑΣΦΑΛΕΙΑΣ ΠΛΗΡΟΦΟΡΙΩΝ. Ο Προμηθευτής οφείλει να επιτρέψει και να δεχθεί, με κατάλληλη γνωστοποίηση από την Εταιρεία, μια ετήσια επιτόπια αξιολόγηση της συμμόρφωσής του με το Πλαίσιο Βιομηχανικών Προτύπων Ασφάλειας Πληροφοριών, αντί να παρέχει στην Εταιρεία πιστοποίηση τρίτου μέρους που να την επαληθεύει (και, στο βαθμό που ισχύει) συμμόρφωση με ένα Βιομηχανικό Πρότυπο Ασφάλειας Πληροφοριών. Συμμόρφωση με τους Όρους Χρήσης. Ο Προμηθευτής και οι Αντιπρόσωποί του, εφόσον και όταν συνδέονται ή χρησιμοποιούν τα Συστήματα της Εταιρείας, οφείλουν να συμμορφώνονται με όλους τους ισχύοντες όρους χρήσης, τα πρότυπα και τις διαδικασίες της Εταιρείας. Φυσική και περιβαλλοντική ασφάλεια. Ο Προμηθευτής υποχρεούται και υποχρεώνει τους αντιπροσώπους του να αποθηκεύουν Εμπιστευτικές Πληροφορίες της Εταιρείας σε χώρους που προστατεύονται από φυσικές καταστροφές, κλοπή, φυσική εισβολή, προβλήματα θέρμανσης ή ψύξης, διακοπή ρεύματος και παράνομη και μη εξουσιοδοτημένη φυσική πρόσβαση. Διαχείριση λειτουργιών ασφάλειας.
5.1 Διαδικασία προ...
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. ya da daha fazlasını xxxxx xxxx dokümante edilmiş bir güvenlik programını uygulamaya koymayı ve Sözleşmenin Geçerlilik Süresi boyunca yürürlükte tutmayı garanti xxxx: Uluslararası Standartlar Örgütü ("ISO") / Uluslararası Elektroteknik Komisyonu ("IEC") ISO/IEC 27001 - Bilgi teknolojileri – Güvenlik teknikleri – Bilgi güvenliği yönetim sistemleri -- Gereksinimler veya Amerikan Yeminli Serbest Mali Müşavirler Enstitüsü (“AICPA”) Mutemetlik Hizmetleri İlkeleri, Kriterleri ve Örnekleri veya Bilgi Güvenliği Forumu ("ISF") Bilgi Güvenliğine Yönelik İyi Uygulamalar Standartları ("SoGP") veya Ulusal Standartlar ve Teknoloji Enstitüsü ("NIST") Özel Yayın 800-53 - Federal Bilgi Sistemleri ve Organizasyonlar için Güvenlik ve Gizlilik Kontrolleri veya Bilgi Sistemlerini Denetleme ve Kontrol Etme Derneği ("ISACA") Bilişim ve İlgili Teknolojiler için Kontrol Hedefleri (COBIT). Tedarikçi; Şirket Gizli Bilgilerine erişme, bunları işleme, sunucular veya bilişim ortamında ya da diğer barındırma yöntemleri üzerinde depolama görevleri sonucu Sözleşme kapsamında doğan yükümlülüklerini yerine getirmeden önce, bir Bilgi Güvenliği Sektör Standardına uyumluluğunu (ve varsa Temsilcilerinin de uyumluluğunu) onaylayan bir üçüncü taraf sertifikasını Şirkete ibraz edecektir.
Network Security and Intrusion Prevention Systems. Supplier shall (and shall cause its Representatives to) restrict, through the use of firewalls or other appropriate network technologies, access to Company Confidential Information. Supplier shall deploy intrusion prevention systems and firewalls on all publically accessible Supplier computer systems that access Company Confidential Information or Company Systems. Data Security. Supplier and its Representatives shall encrypt all Company Confidential Information in transmissions between Supplier and Company and between Supplier and all third parties (including its company’s Representatives). Encryption must utilize industry standard algorithms with a minimal key length of 128 bit. Access Control. Supplier shall, and shall maintain controls to, prohibit third parties (other than its Representatives, who, pursuant to the terms of the Agreement, are permitted access) from accessing Company Confidential a ilustrácie trustových služieb, alebo Information Security Forum („ISF“) – štandardy osvedčených postupov zabezpečenia údajov, alebo Národný inštitút štandardov a technológie („NIST“) – špeciálna publikácia 800-53 – kontroly ochrany osobných údajov a zabezpečenia pre federálne informačné systémy a organizácie, alebo Information Systems Audit and Control Association („ISACA“) – ciele kontrol pre informačné a súvisiace technológie (COBIT). Dodávateľ pred plnením svojich povinností vyplývajúcich zo zmluvy, ktoré si vyžadujú prístup k dôverným údajom spoločnosti, ich spracúvanie, uchovávanie na serveroch alebo v počítačovom prostredí či iné formy ich hosťovania, predloží spoločnosti certifikáciu tretej strany, ktorá potvrdzuje xxxx xxxxx (a v príslušnom rozsahu xx xxxxx jeho zástupcov) s priemyselným štandardom zabezpečenia údajov. SÚLAD SO ŠTANDARDOM ZABEZPEČENIA ÚDAJOV. Dodávateľ namiesto predloženia certifikácie od tretej strany, ktorá potvrdzuje xxxx xxxxx (a v príslušnom rozsahu xx xxxxx jeho zástupcov) s priemyselným štandardom zabezpečenia údajov, umožní spoločnosti po jej riadnom oznámení vykonávať na svojom pracovisku každoročné posúdenie svojho súladu s rámcom priemyselných štandardov zabezpečenia údajov. Súlad s podmienkami používania. Dodávateľ a jeho zástupcovia budú pri pripojení k systémom spoločnosti alebo pri ich používaní dodržiavať všetky príslušné podmienky používania, štandardy a postupy spoločnosti. Fyzické zabezpečenie a zabezpečenie prostredia. Dodávateľ bude uchovávať a zabezpečí, aby jeho zástupcovia uchovávali dôverné údaje spoločnosti na...
