Common use of Logical Access Control Clause in Contracts

Logical Access Control. No unauthorized access to data processing systems is granted. Access to our electronic data pro- cessing systems through external interfaces is firewall protected. Sensitive services, which must not be accessible publicly, are protected through a VPN. Publicly accessible systems, such as email and internet access are isolated from other services through appropriate segmentation. HWD operates diverse, depending on the security classification, in part physically separated networks. All systems are password-protected and only allow user-specific access. Group access is not implemented. In addition to strong password requirements on the basis of internal password guidelines, a 2-factor-authentica- tion system is used for authentication on sensitive systems of HWD. HWD’s password policy, besides defining password complexity requirements, also includes additional framework parameters, such as the mandatory password resetting within defined terms, as well as prohibiting reuse of the same password. Access privileges to customer equipment are handled in detail according to specific customer instruc- tion and based on the services provided by HWD. According to HWD internal policies, depending on system type and classification, failed login attempts are responded to in different appropriate manners. Along with temporary access blocking, dynamic addition of network blocking, or permanent access removal, also logging and alerting takes place.