Common use of Use of IT-Equipment Clause in Contracts

Use of IT-Equipment. RESTREINT UE/EU RESTRICTED information must be stored on stand-alone computers or dedicated networks accredited for the processing and storage of EUCI, which may only be accessed by staff having a need to know the information. Laptops storing or processing RESTREINT UE/EU RESTRICTED information must be password protected, should have a hard disk encryption and must not be directly connected to the Internet. The following minimum security measures must be in place when processing RESTREINT UE/EU RESTRICTED information on IT systems:  managed access to system and hardware components (up-to-date lists of authorised users, storage in locked rooms);  proper identification and authentication features (passwords, log-in); positive identification of all users at the start of each processing session;  Passwords should have a minimum of six (preferably nine) characters and include alphabetical, numeric as well as special characters.  general protection against normally foreseeable accidents/mishaps and known recurrent problems (e.g. viruses and power supply variations);  software versions (floppy disks, CD ROMs) in use must be checked for presence of malicious software or computer viruses before starting work on RESTREINT UE/EU RESTRICTED information;  removable computer storage media (e.g. floppy discs, compact disks) to be stored as described under Section 5 above;  proper data backup with secure local or external storage;  anti-virus software (implementation, with updates, of an acceptable industry standard anti-virus software); such software must be verified at regular intervals to ensure their integrity and correct functioning;  no use of privately-owned removable computer storage media and software (e.g. floppy disks, compact disks) or other IT hardware like laptops or PCs;  no direct connection to Internet unless protected by firewall of an acceptable industry standard;  use of specific software tools designed for proper deletion of data;  proper instruction on the use of IT systems in place  proper security monitoring and auditing. The following events should be recorded:

Use of IT-Equipment. RESTREINT UE/EU RESTRICTED information must be stored on stand-alone computers or dedicated networks accredited for the processing and storage of EUCI, which may only be accessed by staff having a need to know the information. Laptops storing or processing RESTREINT UE/EU RESTRICTED information must be password protected, should have a hard disk encryption and must not be directly connected to the Internet. The following minimum security measures must be in place when processing RESTREINT UE/EU RESTRICTED information on IT systems:  ▪ managed access to system and hardware components (up-to-date lists of authorised users, storage in locked rooms);  ▪ proper identification and authentication features (passwords, log-in); positive identification of all users at the start of each processing session;  ▪ Passwords should have a minimum of six (preferably nine) characters and include alphabetical, numeric as well as special characters.  ▪ general protection against normally foreseeable accidents/mishaps and known recurrent problems (e.g. viruses and power supply variations);  ▪ software versions (floppy disks, CD ROMs) in use must be checked for presence of malicious software or computer viruses before starting work on RESTREINT UE/EU RESTRICTED information;  ▪ removable computer storage media (e.g. floppy discs, compact disks) to be stored as described under Section 5 above;  ▪ proper data backup with secure local or external storage;  ▪ anti-virus software (implementation, with updates, of an acceptable industry standard anti-virus software); such software must be verified at regular intervals to ensure their integrity and correct functioning;  ▪ no use of privately-owned removable computer storage media and software (e.g. floppy disks, compact disks) or other IT hardware like laptops or PCs;  ▪ no direct connection to Internet unless protected by firewall of an acceptable industry standard;  use of specific software tools designed for proper deletion of data;  proper instruction on the use of IT systems in place  proper security monitoring and auditing. The following events should be recorded:;

Use of IT-Equipment. RESTREINT UE/EU RESTRICTED information must be stored on stand-alone computers or dedicated networks accredited for the processing and storage of EUCI, which may only be accessed by staff having a need to know the information. Laptops storing or processing RESTREINT UE/EU RESTRICTED information must be password protected, should have a hard disk encryption and must not be directly connected to the Internet. The following minimum security measures must be in place when processing RESTREINT UE/EU RESTRICTED information on IT systems:  ▪ managed access to system and hardware components (up-to-date lists of authorised users, storage in locked rooms);  • proper identification and authentication features (passwords, log-in); positive identification of all users at the start of each processing session;  • Passwords should have a minimum of six (preferably nine) characters and include alphabetical, numeric as well as special characters.  • general protection against normally foreseeable accidents/mishaps and known recurrent problems (e.g. viruses and power supply variations);  • software versions (floppy disks, CD ROMs) in use must be checked for presence of malicious software or computer viruses before starting work on RESTREINT UE/EU RESTRICTED information;  • removable computer storage media (e.g. floppy discs, compact disks) to be stored as described under Section 5 above;  • proper data backup with secure local or external storage;  • anti-virus software (implementation, with updates, of an acceptable industry standard anti-virus software); such software must be verified at regular intervals to ensure their integrity and correct functioning;  • no use of privately-owned removable computer storage media and software (e.g. floppy disks, compact disks) or other IT hardware like laptops or PCs;  • no direct connection to Internet unless protected by firewall of an acceptable industry standard;  • use of specific software tools designed for proper deletion of data;  • proper instruction on the use of IT systems in place  • proper security monitoring and auditing. The following events should be recorded:

Use of IT-Equipment. RESTREINT UE/EU RESTRICTED information Information must be stored on stand-alone computers or dedicated networks accredited for the processing and storage of EUCIEU Classified Information, which may only be accessed by staff having a need to know the information. Laptops storing or processing RESTREINT UE/EU RESTRICTED information Information must be password protected, should have a hard disk encryption and must not be directly connected to the Internet. The following minimum security measures must be in place when processing RESTREINT UE/EU RESTRICTED information Information on IT systems:   managed access to system and hardware components (up-to-date lists of authorised users, storage in locked rooms);  proper identification and authentication features (passwords, log-in); positive identification of all users at the start of each processing session;  Passwords should have a minimum of six (preferably nine) characters and include alphabetical, numeric as well as special characters.  general protection against normally foreseeable accidents/mishaps and known recurrent problems (e.g. viruses and power supply variations);  software versions (floppy disks, CD ROMs) in use must be checked for presence of malicious software or computer viruses before starting work on RESTREINT UE/EU RESTRICTED informationInformation;  removable computer storage media (e.g. floppy discs, compact disks) to be stored as described under Section 5 6 above;  proper data backup with secure local or external storage;  anti-anti virus software (implementation, with updates, of an acceptable industry standard anti-virus software); such software must be verified at regular intervals to ensure their integrity and correct functioning;  no use of privately-owned removable computer storage media and software (e.g. floppy disks, compact disks) or other IT hardware like laptops or PCs;  no direct connection to Internet unless protected by firewall of an acceptable industry standardstandard ;  use of specific software tools designed for proper deletion of data;  proper instruction on the use of IT systems in place  proper security monitoring and auditing. The following events should be recorded:

Use of IT-Equipment. RESTREINT UE/EU RESTRICTED information Information must be stored on stand-alone computers or dedicated networks accredited for the processing and storage of EUCIEU Classified Information, which may only be accessed by staff having a need to know the information. Laptops storing or processing RESTREINT UE/EU RESTRICTED information Information must be password protected, should have a hard disk encryption and must not be directly connected to the Internet. The following minimum security measures must be in place when processing RESTREINT UE/EU RESTRICTED information Information on IT systems:  • managed access to system and hardware components (up-to-date lists of authorised users, storage in locked rooms);  • proper identification and authentication features (passwords, log-in); positive identification of all users at the start of each processing session;  • Passwords should have a minimum of six (preferably nine) characters and include alphabetical, numeric as well as special characters.  • general protection against normally foreseeable accidents/mishaps and known recurrent problems (e.g. viruses and power supply variations);  • software versions (floppy disks, CD ROMs) in use must be checked for presence of malicious software or computer viruses before starting work on RESTREINT UE/EU RESTRICTED informationInformation;  • removable computer storage media (e.g. floppy discs, compact disks) to be stored as described under Section 5 6 above;  • proper data backup with secure local or external storage;  anti-• anti virus software (implementation, with updates, of an acceptable industry standard anti-virus software); such software must be verified at regular intervals to ensure their integrity and correct functioning;  • no use of privately-owned removable computer storage media and software (e.g. floppy disks, compact disks) or other IT hardware like laptops or PCs;  • no direct connection to Internet unless protected by firewall of an acceptable industry standardstandard ;  • use of specific software tools designed for proper deletion of data;  • proper instruction on the use of IT systems in place  • proper security monitoring and auditing. The following events should be recorded: