Communications and Operations Management a. Network Penetration Testing - DST shall, on approximately an annual basis, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Fund Data. DST shall have a process to review and evaluate high risk findings resulting from this testing.
Communications and Operations Management a. Network Penetration Testing - Transfer Agent shall, on approximately an annual basis, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Fund Data. Transfer Agent shall have a process to review and evaluate high risk findings resulting from this testing.
Communications and Operations Management. The IT organization manages changes to the corporate infrastructure, systems and applications through a centralized change management program, which may include, testing, business impact analysis and management approval, where appropriate. Incident response procedures exist for security and data protection incidents, which may include incident analysis, containment, response, remediation, reporting and the return to normal operations. To protect against malicious use of assets and malicious software, additional controls may be implemented, based on risk. Such controls may include, but are not limited to, information security practices and standards; restricted access; designated development and test environments; virus detection on servers, desktops and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; logging and alerting on key events; information handling procedures based on data type, e-commerce application and network security; and system and application vulnerability scanning.
Communications and Operations Management. C.5 USBFS must implement and maintain controls to prevent and detect unauthorized access, intrusions, computer viruses and other malware on its Information Systems. At a minimum these must include: • Client and server-side antivirus programs that includes the latest antivirus definitions; • A process that would install for production, within 30 days, any critical patches or security updates; • Hardening and configuration requirements meeting industry best practices, and the information security Common Control Framework (CCF), which supports information security compliance efforts at U.S. Bank, N.A. (the “Bank”) by simplifying communication of compliance requirements across numerous external authorities. The information security CCF is a set of 181 harmonized controls that represent the Bank’s information security obligations under FFIEC, PCI, NIST 800-53 rev. 3 and SOX. These controls serve as a foundational component of information security policy by providing the minimum set of external information security obligations that the Bank is required to implement to meet all legal, regulatory and contractual obligations. In addition, CCF establishes the evidence requirements control owners must maintain and produce to demonstrate a CCF control is in place.
Communications and Operations Management. (a) Protections Against Malicious Code. OneStream will implement detection, prevention, and recovery controls designed to protect against Malicious Code, including, but not limited to:
Communications and Operations Management. Protections Against Malicious Code. Service Provider will implement detection, prevention, and recovery controls to protect against malicious software, which is no less than current industry best practice and perform appropriate employee training on the prevention and detection of malicious software. Back-ups. Service Provider will perform appropriate back-ups of Service Provider Information Processing Systems and media containing City Data every business day with end-of-month copy stored for 1-year in order ensuring services and service levels described in this Document. Service Provider maintains a plan for responding to a system emergency or other occurrence (for example, fire, vandalism, system failure and natural disaster) that damages systems that contain Sensitive Information and Internal Information. Media Handling. Service Provider will protect against unauthorized access or misuse of City Data contained on media. Media and Information Disposal. Service Provider will securely and safely dispose of media containing Sensitive Information: Maintaining a secured disposal log that provides an audit trail of disposal activities.
Communications and Operations Management. 8.1. All technology teams will maintain internal libraries of standard operating procedures that cover the installation, configuration. maintenance, and administration of the Agent systems. networks , and business applications.
Communications and Operations Management. The operation of systems and applications that support the Lative Services are subject to documented operating procedures. • The operations team maintains hardened standard server configurations. Systems are deployed and configured in a uniform manner using configuration management systems. • Lative maintains change control programs for development, operations, and Information Technology teams. • Separate environments are maintained to allow for the testing of changes. • The organization maintains documented backup procedures. Full backups are performed daily for all production databases. Customer Content backups are transferred to an offsite location and stored encrypted for at least 30 days. • All systems and network devices are synchronized to a reliable/ and accurate time source via the “Network Time Protocol” (NTP) • All servers are configured to log authorized access, privileged operations (administrator actions), and unauthorized access attempts. All servers are logging executed commands via the sudo utility. • Log files are transmitted to and stored in a separate log server to protect against modification or loss. • All event-alerting tools escalate into pager notifications for the 24x7 incident response teams, providing Operations, Network Engineering, and the Security teams, as needed.
Communications and Operations Management. ● The operation of systems and applications that support the Service is subject to documented operating procedures. ● The System Administration team maintains standard server configurations. ● Separate environments are maintained to allow for the testing of changes. ● Third-party access to MaxMind systems is regularly audited. ● The organization maintains documented backup procedures. Full backups are performed regularly for all production databases. Data backups are transferred to an offsite location on a regular schedule and are stored encrypted. ● All systems and network devices are synchronized to a reliable and accurate time source via the “Network Time Protocol” (NTP). ● All high priority event-alerting tools escalate into notifications for MaxMind’s 24x7 incident response teams, providing the System Administration team with alerts, as needed.
Communications and Operations Management a. Network Penetration Testing - State Street will, on approximately an annual basis but in no event less frequently than every eighteen (18) months, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Client Data. If penetration testing reveals material deficiencies or vulnerabilities, the findings will be risk rated consistent with industry standards and timeframes will be defined for remediating vulnerabilities (other than medium or low risk vulnerabilities) consistent with industry standards and taking into account any mitigation efforts taken by State Street with respect to such vulnerabilities
