Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule. 4.2 Suitable to complexity and size of the organization, establish and publish information security and acceptable user policies identifying user responsibilities and addressing requirements in line with this document and applicable laws and regulations. 4.3 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. If you believe Experian data may have been compromised, immediately notify CISCO Credit within twenty-four (24) hours or per agreed contractual notification timeline (See also Section 8). 4.4 The FACTA Disposal Rules requires that Company implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. 4.5 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security in the organization. 4.6 When using third party service providers (e.g. application service providers) to access, transmit, store or process Experian data, ensure that service provider is compliant with the 03/2016 CISCO Credit Public Page 3 of 10 Reseller ASR for End Users Experian Independent Third Party Assessment (EI3PA) program, and registered in Experian’s list of compliant service providers. If the service provider is in the process of becoming compliant, it is Company’s responsibility to ensure the service provider is engaged with Experian and an exception is granted in writing. Approved certifications in lieu of EI3PA can be found in the Glossary section.
Appears in 1 contract
Sources: Credit Reporting Services Agreement
Maintain an Information Security Policy. 4.1 Develop and follow a security plan to protect the confidentiality and integrity of personal consumer information as required under the GLB Safeguards Rule.
4.2 Suitable to complexity and size of the organization, establish and publish information security and acceptable user policies identifying user responsibilities and addressing requirements in line with this document and applicable laws and regulations.
4.3 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. If you believe Experian RPS data may have been compromised, immediately notify CISCO Credit RPS within twenty-four (24) hours or per agreed contractual notification timeline (See also Section 8)timeline.
4.4 The FACTA Disposal Rules requires that Company Client implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.5 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security in the organization.
4.6 When using third party service providers (e.g. application service providers) to access, transmit, store or process Experian RPS data, ensure that service provider is compliant with the 03/2016 CISCO Credit Public Page 3 of 10 Reseller ASR for End Users Experian Independent Third Party Assessment (EI3PA) program, RPS’s requirements stated herein and registered in Experian’s list of compliant service providershas been approved by RPS. If the service provider is in the process of becoming compliant, it is CompanyClient’s responsibility to ensure the service provider is engaged with Experian RPS and an exception is granted in writing. Approved certifications in lieu of EI3PA can be found in the Glossary section.
Appears in 1 contract
Sources: Screening Service Agreement