Common use of Platform Security Controls Clause in Contracts

Platform Security Controls. PS-1: Computer System Security (Servers and Multi-user System sonly) PS-1.1 Voya implements and manages a formal process for ensuring that all computer systems that access, process, store, or transmit Client PI are protected and configured as follows prior to and while remaining in a production status: PS-1.1A Systems are assigned to an asset owner within Voya's organization. PS-1.1B Systems are located in a data center or similarly controlled environment with appropriate physical security mechanisms and environmental controls to ensure systems are protected from theft, vandalism, unplanned outages, or other intentional or unintentional hazards. PS-1.1C All systems are configured to meet Voya standards, monitored to ensurea compliant state, and patched as required to maintain a high degree of security. Issues found to be out of compliance are required to be tracked toclosure. PS-1.1D Systems are configured with commercially available and licensed anti-virus software which is set to perform active scans, perform scans of uploaded or downloaded data/files/web content, and is updated on at least on a daily basis. PS-1.1E System clocks are configured to synchronize with a reputable time source (e.g., NTP). PS-1.1F Systems display a warning banner to all individuals during the logon process that indicates only authorized users may access the system. PS-1.1G Systems that have been implemented into a production environment are routinely tested for vulnerabilities and risks using industry best practice tools and methods.

Platform Security Controls. PS-1: Computer System Security (Servers and Multi-user System sonly) PS-1.1 Voya implements and manages a formal process for ensuring that all computer systems that access, process, store, or transmit Client PI are protected and configured as follows prior to and while remaining in a production status: PS-1.1A Systems are assigned to an asset owner within Voya's organization. PS-1.1B Systems are located in a data center or similarly controlled environment with appropriate physical security mechanisms and environmental controls to ensure systems are protected from theft, vandalism, unplanned outages, or other intentional or unintentional hazards. PS-1.1C All systems are configured to meet Voya standards, monitored to ensurea compliant state, and patched as required to maintain a high degree of security. Issues found to be out of compliance are required to be tracked toclosureto closure. PS-1.1D Systems are configured with commercially available and licensed anti-virus software which is set to perform active scans, perform scans of uploaded or downloaded data/files/web content, and is updated on at least on a daily basis. PS-1.1E System clocks are configured to synchronize with a reputable time source (e.g., NTP). PS-1.1F Systems display a warning banner to all individuals during the logon process that indicates only authorized users may access the system. PS-1.1G Systems that have been implemented into a production environment are routinely tested for vulnerabilities and risks using industry best practice tools and methods.