Common use of Response controls Clause in Contracts

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the Arista’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk. Arista shall, to the extent it has control over any electronic transmission or transfer of personal data, take all reasonable steps to ensure that such transmission or transfer cannot be read, copied, altered or removed without proper authority during its transmission or transfer. In particular, Arista shall: 1. implement industry-standard encryption practices in its transmission of personal data, including standard encryption practices from the National Institute of Standards and Technology (NIST). Industry-standard encryption methods used by Arista includes Transport Layer Security (TLS), a secure shell program such as SSH, and/or Internet Protocol Security (IPSec); 2. if technically feasible, encrypt all personal data, including, in particular any sensitive personal data or confidential information, when transmitting or transferring that data over any public network, or over any network not owned and maintained by Arista. The Arista’s policy recognizes that encryption is ineffective unless the encryption key is inaccessible to unauthorized individuals and instructs personnel never to provide an encryption key via the same channel as the encrypted document;

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the AristaExpel’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk. Arista Expel shall, to the extent it has control over any electronic transmission transmission, transfer or transfer storage of personal data, take all reasonable steps to ensure that such transmission or transfer data cannot be read, copied, altered or removed without proper authority during its transmission transmission, transfer or transferstorage. In particular, Arista Expel shall: 1. implement industry-standard encryption practices in its transmission and storage of personal data, including standard encryption practices from the National Institute of Standards and Technology (NIST). Industry-standard encryption methods used by Arista Expel includes Secure Sockets Layer (SSL), Transport Layer Security (TLS), a secure shell program such as SSH, and/or Internet Protocol Security (IPSec), and at least AES-256-bit encryption; 2. if technically feasible, encrypt all personal data, including, in particular any sensitive personal data or confidential information, when transmitting or transferring that data over any public network, or over any network not owned and maintained by AristaExpel. The AristaExpel’s policy recognizes that encryption is ineffective unless the encryption key is inaccessible to unauthorized individuals and instructs personnel never to provide an encryption key via the same channel as the encrypted document;

Response controls. Controls are in place to protect against, and support the detection of, malicious use of assets and malicious software and to report potential incidents to the Aristadata importer’s IS function or Service Desk for appropriate action. Controls may include, but are not limited to: information security policies and standards; restricted access; designated development and test environments; virus detection on servers, desktop and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; firewall rules; logging and alerting on key events; information handling procedures based on data type; e-commerce application and network security; and system and application vulnerability scanning. Additional controls may be implemented based on risk. Arista Data importer shall, to the extent it has control over any electronic transmission or transfer of personal data, take all reasonable steps to ensure that such transmission or transfer cannot be read, copied, altered or removed without proper authority during its transmission or transfer. In particular, Arista data importer shall: 1. implement industry-standard encryption practices in its transmission of personal data, including standard encryption practices from the National Institute of Standards and Technology (NIST). Industry-standard encryption methods used by Arista data importer includes Secure Sockets Layer (SSL), Transport Layer Security (TLS), a secure shell program such as SSH, and/or Internet Protocol Security (IPSec); 2. if technically feasible, encrypt all personal data, including, in particular any sensitive personal data or confidential information, when transmitting or transferring that data over any public network, or over any network not owned and maintained by Aristadata importer. The Aristadata importer’s policy recognizes that encryption is ineffective unless the encryption key is inaccessible to unauthorized individuals and instructs personnel never to provide an encryption key via the same channel as the encrypted document;