Common use of Response controls Clause in Contracts

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the Provider’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk.

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the Providerdata importer’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk.

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the Provider’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-e- commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk.