Data Security Policies. The Researcher and the Researcher’s Institution (where applicable) must have an information technology (IT) policy in place that addresses at a minimum the following items: Logging and auditing of access to data and the computer network, with the inability for data users to delete logs; Password protection of the personal computer or laptop with minimum password requirements as follows: o Policy must be updated every 90 days o Be at least seven characters o Must contain both alpha and numeric characters o must contain one capital letter o May not be the same as an of an individual’s previous four passwords Virus and malware protection of the computer network; Proper firewalls in place; Auditable data destruction procedure; Secure data backup procedure; and Strong encryption on any portable device which may store or provide access to MSSNG Data.
Appears in 4 contracts
Samples: Access Agreement, Access Agreement, Access Agreement