Common use of Security in development and support processes Clause in Contracts

Security in development and support processes. To protect Supplier Information Processing Systems and system files containing Confidential Information, Supplier will: (a) Ensure that the implementation of changes is controlled by the use of formal change control procedures; (b) Employ appropriate industry best practice security controls to minimize information leakage; (c) Employ oversight quality controls and security management of software development; and (d) Employ system, application and source code scanning and analysis tools and a framework for remediation of findings. 9.4.1 Develop configuration standards for all system components that address all known security vulnerabilities and are consistent with industry-accepted system hardening standards as defined, for example, by SysAdmin Audit Network Security Institute (SANS), National Institute of Standards Technology (NIST), and Center for Internet Security (CIS).

Appears in 4 contracts

Samples: Global Services Agreement, Global Services Agreement, Global Services Agreement

AutoNDA by SimpleDocs
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!