Security Vulnerabilities Sample Clauses

Security Vulnerabilities. We have made architectural choices that make vulnerabilities more difficult to introduce. For example, the identity and privilege level of the remote user is threaded throughout the application, all the way to the datastore, which enforces access rules in a testable, auditable place. The peer-code review process serves as a backstop against intentional or accidental vulnerabilities. We use automated static analysis tools that alert us to potential security problems in the code, and those checks must pass in order for code to get deployed. We have automated tools that monitor for security vulnerabilities in the third-party code dependencies and automatically propose patch updates. We rely on AWS’s mature vulnerability management practice for patching known vulnerabilities at the operating system, virtualization, and hardware layers. We divide our systems into separate environments for development, staging and production. Each environment is an independent domain with respect to network access control, service account credentials, and secrets. No access to the production, staging or development environments is allowed except on known protocols and ports via our front-end load balancers. All access to our services from user devices, or between our client software and our service, is protected by TLS version 1.2 or higher. Our public endpoints (for example, xxxxxxx.xx) receive an A+ rating from Qualys SSL Labs. To minimize the risk of data exposure, Nametag adheres to the principle of least privilege. Employees are only authorized to access data that they reasonably must handle in order to do their job: all engineers have access to their development environments, fewer engineers have access to the staging environment (only those who need access to perform their jobs), and far fewer have access to the production environment. All internal systems require our employees to authenticate with unique user accounts.
Personal Information received from Customers or End Users in Asia, North America or South America will be stored and processed in the United States. Personal Information received from Customers or End Users in Europe or Africa will be stored and processed in Ireland or Germany. All employees complete mandatory security awareness training once per year. In addition to general resistance to online threats, we teach our staff to resist social engineering attacks through our support channels. All employees are trained in protecting the identities and confident...
Security Vulnerabilities. “Security Vulnerability” means any set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity or availability of the Subscription Service or other offering of ServiceNow, including, by way of example only: (a) executing commands as another user; (b) accessing data in excess of specified or expected permissions; (c) posing as another user or service within a system; (d) causing an abnormal denial of service; (e) inadvertently or intentionally destroying data without permission; or (f) exploiting any encryption implementation weakness (such as to reduce the time or computation required to recover the plaintext from an encrypted message). Immediately upon identification of any Security Vulnerability, Participant shall notify ServiceNow by email to xxxxxxx.xxxxxxxx@xxxxxxxxxx.xxx so that ServiceNow may initiate an investigation. Any such notice and discussions regarding a Security Vulnerability shall be treated as ServiceNow Confidential Information, and ServiceNow shall determine the appropriate remedy for any Security Vulnerability in its sole discretion. Participant shall not disclose any Security Vulnerability to the public, customers, partners or any third party without ServiceNow’s express prior written approval.

Related to Security Vulnerabilities

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Security Measures Lessee hereby acknowledges that the rental payable to Lessor hereunder does not include the cost of guard service or other security measures, and that Lessor shall have no obligation whatsoever to provide same. Lessee assumes all responsibility for the protection of the Premises, Lessee, its agents and invitees and their property from the acts of third parties.

  • Safeguarding and Protecting Children and Vulnerable Adults The Supplier will comply with all applicable legislation and codes of practice, including, where applicable, all legislation and statutory guidance relevant to the safeguarding and protection of children and vulnerable adults and with the British Council’s Child Protection Policy, as notified to the Supplier and amended from time to time, which the Supplier acknowledges may include submitting to a check by the UK Disclosure & Barring Service (DBS) or the equivalent local service; in addition, the Supplier will ensure that, where it engages any other party to supply any of the Services under this Agreement, that that party will also comply with the same requirements as if they were a party to this Agreement.

  • Security Safeguards Contractor shall store and process District Data in accordance with commercial best practices, including implementing appropriate administrative, physical, and technical safeguards that are no less rigorous than those outlined in SANS Top 20 Security Controls, as amended, to secure such data from unauthorized access, disclosure, alteration, and use. Contractor shall ensure that all such safeguards, including the manner in which District Data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with all applicable federal and state data protection and privacy laws, regulations and directives, including without limitation C.R.S. § 00-00-000 et seq., as well as the terms and conditions of this Addendum. Without limiting the foregoing, and unless expressly agreed to the contrary in writing, Contractor warrants that all electronic District Data will be encrypted in transmission and at rest in accordance with NIST Special Publication 800-57, as amended.

  • Abuse and Neglect of Children and Vulnerable Adults: Abuse Registry Party agrees not to employ any individual, to use any volunteer or other service provider, or to otherwise provide reimbursement to any individual who in the performance of services connected with this agreement provides care, custody, treatment, transportation, or supervision to children or to vulnerable adults if there has been a substantiation of abuse or neglect or exploitation involving that individual. Party is responsible for confirming as to each individual having such contact with children or vulnerable adults the non-existence of a substantiated allegation of abuse, neglect or exploitation by verifying that fact through (a) as to vulnerable adults, the Adult Abuse Registry maintained by the Department of Disabilities, Aging and Independent Living and (b) as to children, the Central Child Protection Registry (unless the Party holds a valid child care license or registration from the Division of Child Development, Department for Children and Families). See 33 V.S.A. §4919(a)(3) and 33 V.S.A. §6911(c)(3).

  • Security Protocols Both parties agree to maintain security protocols that meet industry standards in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. Provider shall maintain all data obtained or generated pursuant to the Service Agreement in a secure digital environment and not copy, reproduce, or transmit data obtained pursuant to the Service Agreement, except as necessary to fulfill the purpose of data requests by LEA.

  • Measures SAP protects its assets and facilities using the appropriate means based on the SAP Security Policy
      • In general, buildings are secured through access control systems (e.g., smart card access system).
      • As a minimum requirement, the outermost entrance points of the building must be fitted with a certified key system including modern, active key management.
      • Depending on the security classification, buildings, individual areas and surrounding premises may be further protected by additional measures. These include specific access profiles, video surveillance, intruder alarm systems and biometric access control systems.
      • Access rights are granted to authorized persons on an individual basis according to the System and Data Access Control measures (see Section 1.2 and 1.3 below). This also applies to visitor access. Guests and visitors to SAP buildings must register their names at reception and must be accompanied by authorized SAP personnel.
      • SAP employees and external personnel must wear their ID cards at all SAP locations.

  • Safety Measures Awarded vendor shall take all reasonable precautions for the safety of employees on the worksite, and shall erect and properly maintain all necessary safeguards for protection of workers and the public. Awarded vendor shall post warning signs against all hazards created by the operation and work in progress. Proper precautions shall be taken pursuant to state law and standard practices to protect workers, general public and existing structures from injury or damage.

  • Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.

  • Security Standards The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a "Security Breach"). For purposes of the DPA and this Exhibit G, "Security Breach" does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate educational or administrative purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.
