Operating System Access Control. To protect against unauthorized access or misuse of Sensitive Information residing on Service Provider Information Processing Systems, Service Provider will: Ensure that access to operating systems is controlled by a secure log-on procedure and limited to role based necessity. Ensure that Service Provider Information Processing System users have a unique identifier (user ID). This account is used to identify each person’s activity on Service Provider’s Information Processing Systems network, including any access to employee or City data. Ensure that the use of utility programs that are capable of overriding system and application controls are highly restricted and tightly controlled, with access limited to those employees whose specific job function requires such access. Ensure that inactive sessions are automatically terminated when technically possible after a defined period of inactivity. Employ idle time-based restrictions on connection times when technically possible to provide additional security for high risk applications. Ensure that current industry best practice standard authentication mechanisms for wireless network users and equipment are in place and updated as necessary. Ensure authentication methods are used to control access by remote users, with unique User Identifiers.
Appears in 4 contracts
Samples: Professional Services Agreement Cyber, Professional Services Agreement, Professional Services Agreement Cyber
