Operational Controls. Contractor shall implement operational procedures and controls designed to ensure that technology and information systems are configured and maintained according to prescribed internal standards and consistent with applicable Industry Standard Safeguards. Examples of Industry Standard Safeguards are ISO/IEC 27002:2005, NIST 800-44, Microsoft Security Hardening Guidelines, OWASP Guide to Building Secure Web Applications, SOC 2 Type 2, and the various Center for Internet Security Standards. Moreover, Contractor shall use application security and software development controls designed to eliminate and minimize the introduction of security vulnerabilities.
Operational Controls. Whilst Operational Controls may include either administrative or technical entitlement controls the most effective Operational Controls are likely to include technical entitlement systems supported by documented administrative procedures. A possible component of an Operational Controls framework is the deployment of a permissioning system to assist in the correct distribution and reporting of Data. In the absence of effective Operational Controls, applied at the Device or Unique User Id level, Turquoise reserves the right to apply Charges where applicable, on the basis of reasonable estimates of Devices or Unique User Ids with access to the Data. For example if Data is fed into a network which does not control access, then all Devices or Unique User Ids, with access to that network must be reported as Fee liable for all levels of Data available within the network.
Operational Controls. In its performance of Hosted Subscription Services, Verint shall maintain operational controls sufficient to enable Verint’s satisfaction of its performance obligations in this Section 3, including, without limitation, the following: • Verint will utilize up-to-date and comprehensive virus and malware protection capabilities, and commercially reasonable practices, including detection, scanning and removal of known viruses, worms and other malware on the Verint’s hosting systems. These virus protection capabilities will be in force on all computers and/or devices utilized in connection with the technology services, as well as on all data files or other transfers that have access or are connected to Verint’s hosting system. • If a virus, worm or other malware causes a loss of operational efficiency or loss of data, Verint will mitigate losses and restore data from the last virus free backup to the extent practicable. • Verint shall obligate its hosting partners to provide a multiple layered security approach. This shall include perimeter firewalls, DMZ, one or more internal network segments, and network intrusion detection monitors for attempted intrusion to the production environment. Network vulnerability scans shall be conducted regularly and issues addressed according to Industry Standard change control processes. • Verint shall mitigate security vulnerabilities through the use of perimeter and host countermeasures such as intrusion prevention, web application firewall, IP address shunning, and other measures designed to prevent successful exploitation of vulnerabilities. • Verint and its hosting partners shall proactively address security risks by applying released security patches, including, as example, Windows security patching and updates to patch known vulnerabilities in an applicable operating system. Patches shall be deployed to production via Verint’s change management process. Verint shall test all patches in its test environment prior to release to production. If a patch degrades or disables the production environment, Verint shall continue to mitigate vulnerabilities until a patch is provided by the software or operating system manufacturer that does not degrade or disable production. Such mitigation efforts may include intrusion prevention, web application firewall, and other measures chosen by Verint to reduce likelihood or prevent successful access to Customer Data by an unauthorized party. • Each month, Verint and its hosting partners sha...
Operational Controls. 3.1 Whilst Operational Controls may include either administrative or technical entitlement controls the most effective Operational Controls are likely to include technical entitlement systems supported by documented administrative procedures.
Operational Controls. Except for the uses of Information specified in Sections 2.10, 2.12 and 2.13 below, or where an exception for any other use is specified and approved by BHB in accordance with this Agreement, Licensee shall maintain Operational Controls sufficient to identify, record and control all use of and access to Information and to detect unlicensed use. In particular, where Licensee distributes Real-time Information on or via publicly accessible internet Websites, downloadable terminal applications, wireless data dissemination, mobile telephone or electronic messaging services, Licensee must ensure that all access is restricted to registered Users with individual passwords and Unique User ID’s and valid Subscriber Agreements.
Operational Controls. Verint shall maintain operational controls sufficient to enable Verint’s satisfaction of its performance obligations in this Section 2, including, without limitation, the following: • Maintain a dedicated information security function to design, maintain and operate security in line with Industry Standards. This function shall focus on system integrity, risk acceptance, risk analysis and assessment, risk evaluation, and risk management. • Maintain a written information security policy that is approved by the Verint management team and published and communicated to all Verint Personnel and relevant third parties. • Provide security awareness training at least annually to its employees, and maintain records of training attendance for no less than one (1) year. • Conduct vulnerability assessments and/or penetration tests of networks, systems, applications and databases where Customer Data is located at rest, in transit and in use. Verint shall triage identified vulnerabilities and remediate or mitigate vulnerabilities in accordance with Industry Standards. • Maintain appropriate authentication system(s) to authenticate and restrict access to Verint systems and networks to valid users. • Install and maintain antivirus software on all servers and computing devices involved with Processing activities, and use other malware detection techniques where reasonably required. Such antivirus software shall be updated on a daily basis, or as otherwise provided by the antivirus software manufacturer. • Maintain physical security measures with respect to Verint facilities to help prevent and detect physical compromise, including, without limitation, use of identification badges, smart card or other electronic or physical identity verification systems, alarms on external doors, and CCTV on all entrances / exits to such facilities. Verint shall periodically review access records and CCTV video to ensure access controls are being enforced effectively, with any discrepancies or unauthorized access investigated immediately. • With respect to Verint internal networks, ensure perimeter networks are physically or logically separated from internal networks containing Customer Data, establish and configure firewalls in accordance with Industry Standards, use network intrusion detection systems as a part of network security, and restrict and control remote network access. • Complete diligent review of any Verint subcontractors that will have access to Customer Data, and require such...
Operational Controls. Insurance Company agrees to provide information on its compliance policies and operational controls that relate to the services it provides under this Agreement. Insurance Company further agrees to permit Transfer Agent or its representatives to have reasonable access to personnel and records to facilitate the monitoring of its compliance procedures and operational controls.
Operational Controls. Licensee’s Operational Controls must have the capabilities as below to electronically verify, control, monitor and report the usage, enablement and disablement of the distribution of Information to each, and every, recipient. Operational Controls must capture the following data:
Operational Controls. 9.1 The Licensee must have Operational Controls in place by the Commencement Date and shall certify to Bursa that it has such Operational Controls in place in writing, within 30 days of the Commencement Date. Non-compliance of this provision may lead to an audit, suspension of service or termination of this Agreement at the sole discretion of Bursa.
Operational Controls. Personnel Security, Physical and Environmental Protection, Contingency Planning, Configuration Management, Maintenance, System and Information Integrity, Media Protection, Incident Response, and Security Awareness and Training.
