OPERATIONAL AND NETWORK SECURITY. 8.1 The Supplier must protect its networks from external attack by using a set of security technologies (e.g. firewalls, intrusion prevention system, anti-virus software etc...) and techniques (e.g. Network segregation etc...) and must provide to GBG, upon request details of these technologies.
8.2 The Supplier will install and maintain a working network firewall to protect any Personal Data accessible via the internet and will keep all Personal Data protected by the firewall at all times. The Supplier shall ensure that all networks not owned or managed by the Supplier are routed through the firewall, prior to being allowed access to the Supplier’s network. Firewalls must ensure secure connections between internal and external systems and shall be configured as so to only allow the required traffic to pass through. The firewall must provide both ingress and egress filtering and have a default policy of blocking unauthorised network traffic. Firewall configurations must be regularly reviewed to remove redundant or inappropriate rules and all rule base changes must be conducted under change control conditions.
8.3 The Supplier shall only process and/or store Personal Data in a trusted network environment under the direct control of the Supplier. The network shall be protected from external threats, including access control at the physical, network and application layers to allow only those who have been authorised by the Supplier to have access to such Personal Data.
8.4 The Supplier shall ensure that the network is continuously segregated to deny access from public of untrusted networks belonging to any third parties who have no right to access Personal Data.
8.5 The Supplier agrees in relation to any proposed modifications to any system or process used in the provision of the Services which may affect the security of any GBG Data that:
(a) it shall notify GBG in advance of any such proposed modifications to any system or process and the likely risk (if any) to the security of any GBG Data;
(b) if there is any likelihood of an increased risk to GBG Data then the Supplier shall not proceed with the modification without first obtaining GBG’s prior written consent; and
(c) it shall, if the security of any GBG Data is so negatively affected, restore the security of the End User without undue delay to GBG’s sole satisfaction.
8.6 The Supplier must record logs of network activity and retain the ability to inspect these logs in the event of a suspected or realised...
OPERATIONAL AND NETWORK SECURITY. 8.1 The Supplier must protect its networks from external attack by using a set of security technologies (e.g. firewalls, intrusion prevention system, anti-virus software etc...) and techniques (.e.g. Network segregation etc...) and must provide to CLIENT, upon request details of these technologies.
