User Access Management. OneStream will:
User Access Management. Matterport will maintain logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking/changing access promptly when employment terminates or changes in job functions occur). • Password Management. Matterport will maintain password controls designed to manage and control password strength, expiration, and usage including prohibiting users from sharing passwords. Matterport shall ensure password hardening standards are in place that align with accepted industry security frameworks to ensure sufficient controls. • Workstation Protection. Matterport will implement protections on end-user devices and monitor those devices to be in compliance with the security standard requiring screen lock timeout, malware software, firewall software, remote administration, unauthenticated file sharing, hard disk encryption and appropriate patch levels. Controls are implemented to detect and remediate workstation compliance deviations. Matterport will securely sanitize physical media intended for reuse prior to such reuse and will destroy physical media not intended for reuse. • Media Handling. Matterport will implement protections to secure portable storage media from damage, destruction, theft or unauthorized copying and the personal data stored on portable media through encryption and secure removal of data when it is no longer needed. Additional similar measures will be implemented for mobile computing devices to protect personal data.
User Access Management. To protect against unauthorized access or misuse of Recipient Confidential Information residing on Provider Information Processing Systems, Provider will:
User Access Management. The Supplier has a duty to limit access to personal data on a "need to know" basis. The Supplier is required to assess the nature of access allowed to an individual user. The Supplier agrees that individual staff members shall only have access to data which they require in order to perform their duties, prevent use of shared credentials (multiple individuals using a single username and password) and detect use of default passwords. Accesscontrol must be supported by regular reviews to ensure that all authorized access to personal data is strictlynecessary and justifiable for the performance of a function. The Supplier has policies in place regarding vetting and oversight of the staff members allocated these accounts. A staff member with similar responsibilities should have separate user and administrator accounts. Multiple independent levels of authentication may be appropriate where administrators have advanced or extra access to personal data or where they have access or control of other’s account or security data. The Supplier agrees to have strict controls on the ability to download personal data from an organization’s systems. The Supplier agrees to block such downloading by technical means (disabling drives, isolating network areas or segments, etc.). User registration and deregistration A formal process should exist to management the assignment, adjustment, and revoking of access rights, considering scenarios such as starters/leavers as well as changing of jobs internally within the organization ISO 27001 A.9.2.1 ISO 27001 A.9.2.2 ISO 27001 A.9.2.6
User Access Management. To protect against unauthorized access or misuse of Confidential Information residing on Supplier Information Processing Systems, Supplier will:
User Access Management. 5.1.1 Management of Client and Avanade user accounts within Avanade systems shall fol- low Avanade's corporate access control procedures. X X
User Access Management. Alteryx implements access control policies to support creation, amendment, and deletion of user accounts for systems or applications storing or allowing access to Licensee Content. Alteryx’s user account and access provisioning process assigns and revokes access rights to systems and applications, restricting access to only those Alteryx personnel and Subprocessors that require access, and solely to the extent so required, to fulfill Alteryx’s obligations under the Agreement or to comply with applicable law.
User Access Management i. A formal user registration and de-registration process is implemented to enable assignment of access rights.
User Access Management. Data Processor shall ensure authorized user access only and prevent unauthorized access to systems and services. Minimum requirements:
User Access Management. To protect against unauthorized access or misuse of Protected Information TrueCar will:
