Access Control to Data Processing Systems. Processes to prevent data processing systems from being used by unauthorized persons, to include: a. identification of the terminal and/or the terminal user to the data processor systems; b. automatic time-out of user terminal if left idle, identification and password required to reopen; c. regular examination of security risks by internal personnel and qualified third-parties; ▇. ▇▇▇▇▇▇▇ and safeguarding of identification codes; e. password complexity requirements (minimum length, required character classes, etc.); f. enforcing the use of multifactor authentication; and g. protection against external access by means of firewall and network access controls.
Appears in 2 contracts
Sources: European Data Transfer Terms, Data Processing Agreement