Use of Interconnection Facilities by Third Parties 46 9.9.1 Purpose of Interconnection Facilities 46 9.9.2 Third Party Users. 46
System Access Control Data processing systems used to provide the Cloud Service must be prevented from being used without authorization. Measures: • Multiple authorization levels are used when granting access to sensitive systems, including those storing and processing Personal Data. Authorizations are managed via defined processes according to the SAP Security Policy • All personnel access SAP’s systems with a unique identifier (user ID). • SAP has procedures in place so that requested authorization changes are implemented only in accordance with the SAP Security Policy (for example, no rights are granted without authorization). In case personnel leaves the company, their access rights are revoked. • SAP has established a password policy that prohibits the sharing of passwords, governs responses to password disclosure, and requires passwords to be changed on a regular basis and default passwords to be altered. Personalized user IDs are assigned for authentication. All passwords must fulfill defined minimum requirements and are stored in encrypted form. In the case of domain passwords, the system forces a password change every six months in compliance with the requirements for complex passwords. Each computer has a password-protected screensaver. • The company network is protected from the public network by firewalls. • SAP uses up–to-date antivirus software at access points to the company network (for e-mail accounts), as well as on all file servers and all workstations. • Security patch management is implemented to provide regular and periodic deployment of relevant security updates. Full remote access to SAP’s corporate network and critical infrastructure is protected by strong authentication.
System Upgrade Facilities and System Deliverability Upgrades Connecting Transmission Owner shall design, procure, construct, install, and own the System Upgrade Facilities and System Deliverability Upgrades described in Appendix A hereto. The responsibility of the Developer for costs related to System Upgrade Facilities and System Deliverability Upgrades shall be determined in accordance with the provisions of Attachment S to the NYISO OATT.
Network Access Control The VISION Web Site and the Distribution Support Services Web Site (the “DST Web Sites”) are protected through multiple levels of network controls. The first defense is a border router which exists at the boundary between the DST Web Sites and the Internet Service Provider. The border router provides basic protections including anti-spoofing controls. Next is a highly available pair of stateful firewalls that allow only HTTPS traffic destined to the DST Web Sites. The third network control is a highly available pair of load balancers that terminate the HTTPS connections and then forward the traffic on to one of several available web servers. In addition, a second highly available pair of stateful firewalls enforce network controls between the web servers and any back-end application servers. No Internet traffic is allowed directly to the back-end application servers. The DST Web Sites equipment is located and administered at DST’s Winchester data center. Changes to the systems residing on this computer are submitted through the DST change control process. All services and functions within the DST Web Sites are deactivated with the exception of services and functions which support the transfer of files. All ports on the DST Web Sites are disabled, except those ports required to transfer files. All “listeners,” other than listeners required for inbound connections from the load balancers, are deactivated. Directory structures are “hidden” from the user. Services which provide directory information are also deactivated.
Access Controls a. Authorized Access - DST shall have controls that are designed to maintain the logical separation such that access to systems hosting Fund Data and/or being used to provide services to Fund will uniquely identify each individual requiring access, grant access only to authorized personnel based on the principle of least privileges, and prevent unauthorized access to Fund Data.
General Conditions Applicable to Option to Build If the Interconnection Customer assumes responsibility for the design, procurement and construction of the Participating TO's Interconnection Facilities and Stand Alone Network Upgrades,
Use of Basement and Service Areas The basement(s) and service areas, if any, as located within the (project name), shall be earmarked for purposes such as parking spaces and services including but not limited to electric sub-station, transformer, DG set rooms, underground water tanks, pump rooms, maintenance and service rooms, fire fighting pumps and equipment's etc. and other permitted uses as per sanctioned plans. The Allottee shall not be permitted to use the services areas and the basements in any manner whatsoever, other than those earmarked as parking spaces, and the same shall be reserved for use by the association of allottees formed by the Allottees for rendering maintenance services.
Interconnection Facilities Engineering Procurement and Construction Interconnection Facilities, Network Upgrades, and Distribution Upgrades shall be studied, designed, and constructed pursuant to Good Utility Practice. Such studies, design and construction shall be based on the assumed accuracy and completeness of all technical information received by the Participating TO and the CAISO from the Interconnection Customer associated with interconnecting the Large Generating Facility.
REMOVAL OF RECORDS FROM PREMISES Where performance of the Contract involves use by the Contractor (or the Contractor’s subsidiaries, affiliates, partners, agents or subcontractors) of Authorized User owned or licensed papers, files, computer disks or other electronic storage devices, data or records at Authorized User facilities or offices, or via remote access, the Contractor (or the Contractor’s subsidiaries, affiliates, partners, agents or subcontractors) shall not remotely access, modify, delete, copy or remove such Records without the prior written approval of the Authorized User. In no case, with or without the written approval of the Authorized User, can the Authorized User data be accessed, moved or sent outside the continental United States.
Access Control Supplier will maintain an appropriate access control policy that is designed to restrict access to Accenture Data and Supplier assets to authorized Personnel. Supplier will require that all accounts have complex passwords that contain letters, numbers, and special characters, be changed at least every 90 days, and have a minimum length of 8 characters.
