Remote Access Audit Controls Sample Clauses

Remote Access Audit Controls. Unless authorized by United in writing, all contracted work by Vendor shall be conducted from the designated Vendor locations as referenced in the Agreement and/or relevant statement of work(s), exhibits, lists, grids or documents that United provides to Vendor. If United authorizes Vendor personnel to provide services to United remotely (from a site not identified in the designated Vendor list), the following audit controls shall apply: (a) Vendor shall monitor remote or at home users on a periodic basis, which shall include both quarterly onsite audits and a summary report on findings and remediation efforts. Vendor shall provide such reports to United. (b) Vendor shall follow the additional confidentiality obligations: (i) Vendor will not remove any United Information from Vendor location(s), and will not print or download any United Information, including information resulting from connectivity or access to a United system(s), without prior approval of United. (ii) Vendor shall inventory any United Information obtained by or Vendor and shall return or destroy United Information as required by United. If requested by United, Vendor shall provide a certificate of secure destruction. (iii) Vendor will comply with all United policies and procedures regarding the safekeeping of United Information. Policies and procedures must include limitations regarding the storage of information on mobile/PC devices. (iv) Vendor will keep any United Information in a locked file cabinet when such information is not in use. (v) Vendor will maintain written security management policies and procedures regarding secure possession of United Information when traveling and utilizing United Information in public environments.

Remote Access Audit Controls. If Researcher Data Center personnel provide Services remotely, the following audit controls shall apply: (i) Data Center shall monitor remote or at home users on a periodic basis, which shall include both quarterly onsite audits and a summary report on findings and remediation efforts. (ii) Data Center shall follow the additional confidentiality obligations: (a) Data Center will not remove any Sensitive Information from Data Center location(s). (b) Data Center shall inventory any Sensitive Information obtained by Data Center and shall return or destroy Sensitive Information as required by Researcher. If requested by Researcher, Data Center shall provide a certificate of secure destruction. (c) Data Center will prohibit the storage of Sensitive Information on any device other than the secure Data Center server, including but not limited to thumb drives, PCs, handheld devices, mobile phones, or other devices. (d) Data Center will maintain written security management policies and procedures regarding secure possession of Sensitive Information when traveling and utilizing Sensitive Information in public environments.