Security in development and support processes. To protect Supplier Information Processing Systems and system files containing Confidential Information, Supplier will: (a) Ensure that the implementation of changes is controlled by the use of formal change control procedures; (b) Employ appropriate industry best practice security controls to minimize information leakage; (c) Employ oversight quality controls and security management of software development; and (d) Employ system, application and source code scanning and analysis tools and a framework for remediation of findings. 9.4.1 Develop configuration standards for all system components that address all known security vulnerabilities and are consistent with industry-accepted system hardening standards as defined, for example, by SysAdmin Audit Network Security Institute (SANS), National Institute of Standards Technology (NIST), and Center for Internet Security (CIS).
Appears in 4 contracts
Samples: Global Services Agreement, Global Services Agreement, Global Services Agreement