Common use of Regular Monitoring and Testing of Networks Clause in Contracts

Regular Monitoring and Testing of Networks. All access to network resources and Personal Data is tracked and monitored using centralized logging mechanisms that allow thorough tracking, alerting, and analysis on a regular basis (at least daily) as well as when something does go wrong. All systems are provided with correct and consistent time and audit trails are secured and protected, including file-integrity monitoring to prevent change of existing log data and/or generate alerts in case. Audit trails for critical systems are kept for a year. Security of systems and processes is regularly tested, at least yearly. This is to ensure that security controls for system components, processes and custom software continue to reflect a changing environment. Security testing includes: ● Processes to test rogue wireless access points, ● Internal and external network vulnerability tests that are carried out at least quarterly. An external, qualified party carries out the external network vulnerability tests. ● External and internal penetration tests using Partner's penetration test methodology that is based on industry-accepted penetration testing approaches that cover the all relevant systems and include application-layer as well as network-layer tests All test results are kept on record and any findings are remediated in a timely manner. Partner does not allow penetration tests carried out by or on behalf of its customers. In daily operations IDS (intrusion detection system) is used to detect and alert on intrusions into the network and file-integrity monitoring has been deployed to alert personnel to unauthorized modification of critical systems.

Regular Monitoring and Testing of Networks. All access to network resources and Personal Data is tracked and monitored using centralized logging mechanisms that allow thorough tracking, alerting, and analysis on a regular basis (at least daily) as well as when something does go wrong. All systems are provided with correct and consistent time and audit trails are secured and protected, including file-integrity monitoring to prevent change of existing log data and/or generate alerts in case. Audit trails for critical systems are kept for a year. Security of systems and processes is regularly tested, at least yearly. This is to ensure that security controls for system components, processes and custom software continue to reflect a changing environment. Security testing includes: ●  Processes to test rogue wireless access points, ●  Internal and external network vulnerability tests that are carried out at least quarterly. An external, qualified party carries out the external network vulnerability tests. ●  External and internal penetration tests using Partner's penetration test methodology that is based on industry-accepted penetration testing approaches that cover the all relevant systems and include application-application- layer as well as network-layer tests All test results are kept on record and any findings are remediated in a timely manner. Partner does not allow penetration tests carried out by or on behalf of its customers. In daily operations IDS (intrusion detection system) is used to detect and alert on intrusions into the network and file-file- integrity monitoring has been deployed to alert personnel to unauthorized modification of critical systems.