Operations Security. The Company shall have an established change management system in place for making changes to business processes, information processing facilities and systems. The change management system shall include tests and reviews before changes are implemented, such as procedures to handle urgent changes, roll back procedures to recover from failed changes, logs that show, what has been changed, when and by whom. The Company shall implement malware protection to ensure that any software used for Company’s provision of the Services to the Customer is protected from malware. The Company shall make backup copies of critical information and test back-up copies to ensure that the information can be restored as agreed with the Customer. The Company shall log and monitor activities, such as create, reading, copying, amendment and deletion of processed data, as well as exceptions, faults and information security events and regularly review these. Furthermore, the Company shall protect and store (for at least 6 months or such period/s set by Data Protection Law) log information, and on request, deliver monitoring data to the Customer. Anomalies / incidents / indicators of compromise shall be reported according to the data breach management requirements as set out in clause 9, below. The Company shall manage vulnerabilities of all relevant technologies such as operating systems, databases, applications proactively and in a timely manner. The Company shall establish security baselines (hardening) for all relevant technologies such as operating systems, databases, applications. The Company shall ensure development is segregated from test and production environment.
Appears in 5 contracts
Samples: Data Protection Agreement, Data Protection Agreement, Data Protection Agreement
