Compensating Controls definition

Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent and rigor of the original stated requirement; (2) provide a similar level of security as the original stated requirement; (3) be up-to-date with current industry accepted security protocols; and (4) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to
Compensating Controls means mechanisms put in place to satisfy a security requirement that are not explicitly as stated, due to legitimate technical or documented business constraints, but still sufficiently mitigate the risk associated with the requirement. Compliance means evidence of having met a specific set of policies, standards, laws, frameworks regulations, etc. Concurrent sessions means when there is more than one user accessing the same computer resource at the same time or in the same predefined period of time Configuration means any arrangements to code, updates, patches and processes to an Information Resource.

Examples of Compensating Controls in a sentence

  • Please note that any proposed compensating controls and/or requirement modifications must be noted in Appendix A - Compensating Controls to Security and Privacy Requirements.

  • Please note that any proposed Compensating Controls and/or requirement modifications must be noted in Appendix A - Compensating Controls to Security and Privacy Requirements.

  • Compensating ControlsOn an annual basis, any compensating controls must be documented, reviewed and validated by the assessor and included with the Report on Compliance submission, per Appendix B: Compensating Controls and Appendix C: Compensating Controls Worksheet.

  • If that vulnerability cannot be remediated as indicated above, then Blackbaud shall within twenty-four (24) hours of the identification of such vulnerability: (a) implement Compensating Controls; or (b) take the application or functionality of the application affected by such vulnerability offline until such vulnerability is remediated or Compensating Controls have been successfully applied.

  • Please note that any proposed compensating controls to the security and privacy requirements outlined in this supplement are required to be identified in Appendix A – Compensating Controls to Security and Privacy Requirements.


More Definitions of Compensating Controls

Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee(s) to be impractical to implement at the present time due to legitimate technical or business constraints. Such alternative mechanisms must: (1) meet the intent of the original stated requirement; (2) provide a similar level of security as the
Compensating Controls means actions or processes that yield a similar output to standard operating procedures, but that are temporary in nature.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical or unreasonable to implement at the applicable time due to legitimate technical or business constraints. Such alternative mechanisms must: (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be materially and substantively up-to-date with current industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated requirement. The determination to implement such alternative mechanisms must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the risk was determined to be acceptable, and that the Chief Information Security Officer or his or her designee agrees with both the risk analysis and the determination that the risk is acceptable. Compensating Controls shall not be utilized as permanent alternative security measures and shall be reevaluated for security effectiveness at least every ninety (90) days to determine whether to retain the Compensating Control as the appropriate security measure or to implement an alternative as the permanent security measure. Written security effectiveness documentation shall be prepared and reviewed by the Chief Information Security Officer or his or her designee and shall be kept for a period of one (1) year following the termination of usage of any such alternative mechanism.
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical to implement at the present time due to legitimate technical or business constraints. Compensating Controls must be suitable to protect the system and consistent with current industry accepted security protocols. The determination to implement Compensating Controls must be accompanied by written documentation demonstrating that a risk analysis was performed indicating the gap between the original security measure and the proposed alternative measure, that the Compensating Control was determined to be acceptable in light of such risk, and that the Chief Information Security Officer agrees
Compensating Controls means the definition in PCI DSS Appendix B of “Compensating Controls.”
Compensating Controls means alternative mechanisms that are put in place to satisfy the requirement for a security measure that is determined by the Chief Information Security Officer or his or her designee to be impractical or unreasonable to implement at the applicable time due to legitimate technical or business constraints. Such alternative mechanisms must: (a) meet the intent and rigor of the original stated requirement; (b) provide a similar level of security as the original stated requirement; (c) be materially and substantively up-to-date with current industry accepted security protocols; and (d) be commensurate with the additional risk imposed by not adhering to the original stated