Physical and Technical Security. Provider will provide appropriate and adequate physical and technical security for the Application Services, including, but without limitation, the following:
1. Provider will have Representatives capable of identifying, categorizing, and responding to a security incident.
2. Provider will implement a security fix across the infrastructure in accordance with Provider’s regular updateprocess.
3. Provider will promptly shut down ALL access to the System, or any component of it associated with the Application Services, responding to a request by Company’s securitymanager.
4. Provider will not directly or indirectly subcontract, assign, or transfer, permit, or allow any portion of the Services, related support, or other activities under the Agreement offshore, meaning outside the continental United States, Canada or the United Kingdom, without the express prior written consent of the Company.
5. Provider will require all permitted subcontractors and/or third party service providers utilized either directly or indirectly by Provider in the performance of Services ("Third Party Service Provider") to adhere to, and with all requirements of the Agreement, including, but not limited to, the Company security requirements set forth in the Agreement.
6. Provider will conduct annual independent security reviews and audits by a reputable and nationally known independent third party audit firm to ensure that Provider is meeting all of the physical and technical security requirements of the Agreement. Provider’s audit agency will prepare a written audit report detailing audit findings. Provider will not store or transmit Company Data as clear text. Provider will store and transmit Company Data only in a secure and encrypted mode.
7. Provider will institute and maintain a separation of duties between application development, quality assurance, testing, and production environments.
Physical and Technical Security. Provider will provide appropriate and adequate physical and technical security for the Application Services, including, but without limitation, the following:
1. Provider will have Representatives capable of identifying, categorizing, and responding to a security incident on duty and at its site 24X365.
2. Provider will promptly notify Company of any new potential security vulnerability that may affect the Services. This notification will include the probable risks and the time by which a security fix will likely occur. Provider will again notify Company upon the completion of the security fix.
3. Provider will implement a security fix across the infrastructure within 4 hours of approval from Company.
4. Provider will notify Company’s security manager within 15 minutes if it believes that an attack is in process.
5. If requested by Company, Provider will assist Company in preparing written responses to audit requirements or findings without additional charge.
6. Provider will shut down ALL access to the System, or any component of it associated with the Application Services, within 15 minutes upon request by Company’s security manager.
7. Provider will not directly or indirectly subcontract, assign, or transfer, permit, or allow any portion of the Services, related support, or other activities under the Agreement offshore, meaning outside the continental United States, without the express prior written consent of the Company.
8. Provider will require all permitted subcontractors and/or third party service providers utilized either directly or indirectly by Provider in the performance of Services (“Third Party Service Provider”) to adhere to, and agree in writing, to be bound by and comply with all requirements of the Agreement, including, but not limited to, the Company security requirements set forth in the Agreement. On an annual basis during the Term, Provider will provide Company with a written certification, signed by an officer of Provider and each Third Party Service Provider, certifying that the Third Party Service Provider is bound by and is complying with all requirements of the Agreement, including, but not limited to, the Company security requirements set forth in the Agreement.
9. Provider will begin testing new versions of software/hardware supporting the security infrastructure within 2 weeks of release by the third-party supplier and will complete the testing as quickly as commercially possible unless significant issues are discovered. If s...
Physical and Technical Security. Provider will provide appropriate and adequate physical and technical security for the Application Services, including, but without limitation, the following:
1. Provider will promptly notify Customer of any new potential security vulnerability that may affect the Services. This notification will include the probable risks and the time by which a security fix will likely occur. Provider will again notify Customer upon the completion of the security fix.
2. Provider will implement a security fix across the infrastructure within 4 hours of approval from Customer.
3. Provider will notify Customer's security manager within 24 hours if it believes that an attack is in process
4. If requested by Customer, Provider will assist Customer in preparing written responses to audit requirements or findings without additional charge.
5. Provider will shut down ALL access to the System, or any component of it associated with the Services, within 15 minutes upon request by Customer's security manager.
6. Provider will conduct annual independent security reviews and audits by a reputable and nationally known independent audit agency to ensure that Provider is meeting all of the physical and technical security requirements of the Agreement.
7. Provider will not store or transmit Customer Data as clear text. Provider will store and transmit Customer Data only in a secure and encrypted mode.
8. Provider will institute and maintain a separation of duties between application development, quality assurance, testing, and production environments, along with separation between systems, database, and application administration.
