Common use of Security Governance Clause in Contracts

Security Governance. Supplier will:

a. Develop, document, periodically update, and implement security plans for information systems that describe the security controls in place or planned for the information systems and the rules of behavior for individuals accessing the information systems.

b. Maintain an information security governance policy or set of policies that conform to all applicable data protection laws and regulations and that verifiably addresses these Requirements along with purpose, scope, roles, responsibilities, management commitment, coordination among Supplier’s entities, and compliance. Failure to comply with policies will be addressed through appropriate discipline.

c. Ensure that the information security program is approved/endorsed by Supplier’s executive management.

d. Regularly review its information security program plan and update the plan to address organizational changes, material changes in business practices or issues identified in risk assessments.

e. Implement a risk management strategy consistently across the organization.

f. Ensure all permitted third-parties that will perform services in support of this Agreement on behalf of Supplier (e.g. subcontractors), including cloud service providers, comply in writing with materially similar Requirements to those outlined in this Exhibit.

g. Monitor security control compliance by external service providers on an ongoing basis.

Appears in 4 contracts

Samples: Transfer and Servicing Agreement (Verizon Master Trust), Transfer and Servicing Agreement (Verizon Master Trust), Transfer and Servicing Agreement (Verizon Master Trust)
