Application Software Security Clause Samples

Application Software Security. For all software and applications developed in-house or procured from third party developers ensure software is developed and tested secure software development lifecycle practices pursuant to a documented development processes that explicitly addresses security requirements and identifies the standards and tools used in the development process.

Application Software Security. Web application firewalls (WAFs) must be deployed to protect internet-accessible web applications. For vendors that store, process, transmit or handle cardholder data: ● Comply with and provide Hyatt with Payment Card Industry Data Security Standard (PCI DSS) Attestation of Compliance (AOC) on an annual basis. This Schedule provides a summary of the OTA Insight security controls and policies. These controls and policies are aligned with the ISO 27001 standard for information security. OTA Insight is ISO 27001 certified. A copy of this certificate is available upon request. OTA Insight is a cloud-based data intelligence platform for the hospitality industry. We provide hoteliers with a suite of revenue management solutions that empower them to make smarter revenue and distribution decisions. Our products are: ● Rate Insight ● Parity Insight ● Revenue Insight ● Market Insight These products are web applications which communicate over a secure channel (HTTPS, TLSv1.2) - and are subject to a yearly penetration test to assess the effectiveness of the security controls that are in place. The applications do not interact with any guests and are targeted at customer usage only. The applications provide authentication capabilities (e.g. a login portal) to access the web application functionality. The registered accounts will be linked to the subscription to the application. Currently, the applications do not support a single sign-on capability. The web applications require an up-to-date browser. The supported browser versions* are: ○ Chrome 67 ○ Firefox 52 ○ Edge 14 ○ Safari 9 ○ Opera 50 *or any later versions of the aforementioned browsers. *or any later versions of the aforementioned browsers. The OTA Insight products are developed using a Secure SDLC process with several controls in place (e.g. Four-eyed coding principle for any change, automated testing, etc.) Furthermore, the OTA Insight applications are subject to a yearly penetration test to find and remediate any potential security flaws within the application. Employees working for OTA Insight are made aware of their responsibilities in terms of information security. Before employment, they are vetted based on the position and level of system access they will have within the company. The OTA Insight Products (including any customer and app data) are Cloud based and stored within the European Union, using Google Cloud infrastructure for hosting the applications. The OTA Insight applications are monitored 24...