Security Governance. Supplier must: a. Develop, document, periodically update, and implement security plans for information systems that describe the security controls in place or planned for the information systems and the rules of behavior for individuals accessing the information systems. b. Maintain an information security governance policy or set of policies that conform to all applicable data protection laws and regulations and that verifiably addresses these Requirements along with purpose, scope, roles, responsibilities, management commitment, coordination among Supplier’s entities, and compliance. Failure to comply with policies must be addressed through appropriate discipline. c. Ensure that the information security program is approved/endorsed by Supplier’s executive management. d. Regularly review its information security program plan and update the plan to address organizational changes, material changes in business practices or issues identified in risk assessments. e. Implement a risk management strategy consistently across the organization. 5 Baseline Security Requirements For Verizon Suppliers
Appears in 2 contracts
Samples: Transfer and Servicing Agreement (Verizon Owner Trust 2020-B), Transfer and Servicing Agreement (Verizon Owner Trust 2020-B)
Security Governance. Supplier must: a. Develop, document, periodically update, and implement security plans for information systems that describe the security controls in place or planned for the information systems and the rules of behavior for individuals accessing the information systems. b. Maintain an information security governance policy or set of policies that conform to all applicable data protection laws and regulations and that verifiably addresses these Requirements along with purpose, scope, roles, responsibilities, management commitment, coordination among Supplier’s 's entities, and compliance. Failure to comply with policies must be addressed through appropriate discipline. c. Ensure that the information security program is approved/endorsed by Supplier’s 's executive management. d. Regularly review its information security program plan and update the plan to address organizational changes, material changes in business practices or issues identified in risk assessments. e. Implement a risk management strategy consistently across the organization. 5 Baseline Security Requirements For Verizon Suppliers.
Appears in 2 contracts
Samples: Transfer and Servicing Agreement (Verizon Owner Trust 2020-B), Transfer and Servicing Agreement (Verizon Owner Trust 2020-C)
Security Governance. Supplier must: a. Develop, document, periodically update, and implement security plans for information systems that describe the security controls in place or planned for the information systems and the rules of behavior for individuals accessing the information systems. b. Maintain an information security governance policy or set of policies that conform to all applicable data protection laws and regulations and that verifiably addresses these Requirements along with purpose, scope, roles, responsibilities, management commitment, coordination among Supplier’s entities, and compliance. Failure to comply with policies must be addressed through appropriate discipline. c. Ensure that the information security program is approved/endorsed by Supplier’s executive management. d. Regularly review its information security program plan and update the plan to address organizational changes, material changes in business practices or issues identified in risk assessments. e. Implement a risk management strategy consistently across the organization. 5 Baseline Security Requirements For Verizon Suppliers.
Appears in 2 contracts
Samples: Transfer and Servicing Agreement (Verizon Owner Trust 2020-C), Transfer and Servicing Agreement (Verizon Owner Trust 2020-C)
