Information Security Policies. The Data Recipient must have in place and adhere to internal information security and privacy policies that address the roles and responsibilities of the Data Recipient's personnel, including both technical and non-technical personnel, who have direct or indirect access to the Data. These internal security and privacy policies must, at a minimum, include: security policy; organization of information security; asset management; human resources security; physical and environment security; communications and operations management; access control; information systems procurement, development and maintenance; information security incident management; business continuity management; and compliance.
Appears in 3 contracts
Sources: Principal Underwriter Agreement (Separate Account Vl I of Talcott Resolution Life & Annuity Insurance Co), Administrative Services Agreement (Hartford Life Insurance Co Separate Account Vl Ii), Administrative Services Agreement (Hartford Life & Annuity Insurance Co Sep Account Vl I)
Information Security Policies. The Data Recipient must have in place and adhere to internal information security and privacy policies that address the roles and responsibilities of the Data Recipient's ’s personnel, including both technical and non-technical personnel, who have direct or indirect access to the Data. These internal security and privacy policies must, at a minimum, include: security policy; organization of information security; asset management; human resources security; physical and environment security; communications and operations management; access control; information systems procurement, development and maintenance; information security incident management; business continuity management; and compliance.
Appears in 1 contract
Sources: Administrative Services Agreement (Union Security Insurance Co Variable Account C)