Common use of Information Security Program Requirements Clause in Contracts

Information Security Program Requirements. At minimum, Company’s Information Security Program shall incorporate policies and procedures consistent with then current industry standards for the following:  Access Control (including the use of unique IDs and passwords for all users)  Malware Prevention and Protection  Patch and Vulnerability Management  System Configuration and Hardening  Logging of Security Events and Access to AHS Information  Network Security and Firewall Management  Security of Wireless Technology and Wireless Networks  Application and Network Security Testing, as applicable 5. Personnel Security.

Information Security Program Requirements. At minimum, Company’s Information Security Program shall incorporate policies and procedures consistent with then then-current industry standards for the following:  Access Control : 1. access control (including the use of unique IDs and passwords for all users)  Malware Prevention ); 2. malware prevention and Protection  Patch protection; 3. patch and Vulnerability Management  System Configuration vulnerability management; 4. system configuration and Hardening  Logging hardening; 5. logging of Security Events Incidents, Security Breaches and Access access to AHS Information  Network Security and Firewall Management  Security of Wireless Technology and Wireless Networks  Application and Network Security Testing, as applicable 5. Personnel Security.Information;