Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent and rigor of the original stated requirement; (2) provide a similar level of security as the original stated requirement; (3) be up-to-date with current industry accepted security protocols; and (4) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical or unreasonable to implement at the applicable time due to legitimate technical or business constraints. Such alternative mechanisms must: (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be materially and substantively up-to-date with current industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable. Compensating Controls shall not be utilized as permanent alternative security measures and shall be reevaluated for security effectiveness at least every ninety (90) days to determine whether to retain the Compensating Control as the appropriate security measure or to implement an alternative as the permanent security measure. Written security effectiveness documentation shall be prepared and reviewed by the Chief Information Security Officer or his or her designee and shall be kept for a period of one (1) year following the termination of usage of any such alternative mechanism.
Examples of Compensating Controls in a sentence
Method(s) used: ☐ Pseudonymized ☐ Anonymized ☐ De-Identified ☐ Masked/Scrambled ☐ Other Compensating Controls: [Insert identified controls: _ ] ☐ None Notices If Avanade will collect Client Personal Data from Data Subjects on Client’s behalf as part of the Services, Avanade will, as directed by Client, use a privacy notice and/or consent request mechanism provided or expressly approved by Client.
More Definitions of Compensating Controls
Compensating Controls means mechanisms put in place to satisfy a security requirement that are not explicitly as stated, due to legitimate technical or documented business constraints, but still sufficiently mitigate the risk associated with the requirement. TERM DEFINITION Compliance means evidence of having met a specific set of policies, standards, laws, frameworks regulations, etc. Concurrent sessions means when there is more than one user accessing the same computer resource at the same time or in the same predefined period of time Configuration means any arrangements to code, updates, patches and processes to an Information Resource.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee(s) to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent of the original stated requirement; (2) provide a similar level of security as the
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to legitimate technical or business constraints. Compensating Controls must be suitable to protect the system and consistent with current industry accepted security protocols. The determination to implement Compensating Controls must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the Compensating Control was determined to be acceptable in light of such risk, and that the Chief Information Security Officer agrees
Compensating Controls means actions or processes that yield a similar output to standard operating procedures, but that are temporary in nature.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief