Security Standards and Controls Sample Clauses

Security Standards and Controls. (a) Voya will establish and maintain: (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of confidential Information; and (ii) Appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all applicable Laws relating to personal information security. (b) In addition, Voya will implement and maintain the following information security controls: (i) Privileged access rights will be restricted and controlled; (ii) An inventory of assets relevant to the lifecycle of information will be maintained; (iii) Network security controls will include, at a minimum, firewall and intrusion prevention services; (iv) Detection, prevention and recovery controls to protect against malware will be implemented; (v) Information about technical vulnerabilities of Voya’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) Detailed event logs recording user activities, exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed as needed;and (vii) Development, testing and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment.

Security Standards and Controls. (a) Administrator will establish, maintain and periodically review (no less frequently than annually): (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of Confidential Information; and (ii) appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of all Applicable Laws relating to personal information security. (b) Policies designed to protect the privacy of individuals will, where practical, be embedded into the design, and specifications of Administrator’s technologies, business practices, and physical infrastructures using industry standard practices designed to minimize privacy risks to individuals (commonly referred to as “privacy by design”). (c) Without limiting the generality of the foregoing, Administrator will implement and maintain the following information security controls: (i) privileged access rights will be restricted and controlled; (ii) an inventory of assets relevant to the lifecycle of information will be maintained; (iii) network security controls will include, at a minimum, firewall and IDS services; (iv) detection, prevention and recovery controls to protect against malware will be implemented; (v) information about technical vulnerabilities of Administrator’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; (vi) detailed event logs recording user activities, access attempts and information security events will be retained and regularly reviewed, if produced; (vii) development, testing, and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment; and (viii) within a cloud environment, the network will be segregated so that data including Confidential Information is separated from all other customers’ data using perimeter security mechanisms such as firewalls.

Security Standards and Controls. Administrator will establish, maintain and periodically review (no less frequently than annually):

Security Standards and Controls. Supplier will establish and maintain (i) administrative, technical, and physical safeguards against the destruction, loss, or alteration of Confidential Information; and (ii) appropriate security measures to protect Confidential Information, which measures meet or exceed the requirements of applicable laws relating to personal information security. In addition, Supplier will implement and maintain the following information security controls: a) privileged access rights will be restricted and controlled; b) an inventory of assets will be maintained; c) network security controls will include, at a minimum, firewall and IDS services; d) detection and prevention controls to protect against malware will be implemented; e) information about technical vulnerabilities of Supplier’s information systems will be obtained and evaluated in a timely fashion and appropriate measures taken to address the risk; f) detailed event logs recording user exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed;