Provider’s Information Security Policies Clause Samples

Provider’s Information Security Policies. Without limiting the generality of the foregoing, Provider’s information security policies shall provide for (i) continual assessment and re-assessment of the risks to the confidentiality, integrity, and availability of ▇▇▇▇▇▇▇ Data and Systems acquired or maintained by Provider and its agents and contractors in connection with the Services, including (a) identification of internal and external threats that could result in a Security Breach, (b) assessment of the likelihood and potential damage of such threats, taking into account the sensitivity of ▇▇▇▇▇▇▇ Data, (c) identification of potential vulnerabilities in Software, Equipment, processes, policies, controls, or other Systems used or supported in connection with the Services, and (d) assessment of the sufficiency of policies, procedures, and information systems of Provider and its agents and contractors, and other arrangements in place, to control risks; and (ii) appropriate protection against such risks. “Physical Security” means physical security at any Provider Facility or other location housing systems maintained by Provider or its agents or subcontractors in connection with the Services. “Systems Security” means security of computer, electronic or telecommunications systems of any variety (including data bases, hardware, software, storage, switching and interconnection devices and mechanisms), and networks of which such systems are a part or communicate with, used directly or indirectly by Provider or its agents or subcontractors in connection with the Services. “Process” or “Processing” means any operation or set of operations performed upon ▇▇▇▇▇▇▇ customers’ personal information, whether or not by automatic means, such as creating, collecting, procuring, obtaining, accessing, recording, organizing, storing, adapting, altering, retrieving, consulting, using, disclosing or destroying.