Safeguarding Protected Data Sample Clauses

Safeguarding Protected Data. Supplier agrees that use, storage, and access to Protected Data shall be performed with that degree of skill, care, and judgment customarily accepted as sound, quality, and professional practices. Supplier shall implement and maintain safeguards necessary to ensure the confidentiality, availability, and integrity of Protected Data. Supplier shall also implement and maintain any safeguards required to be implemented by Applicable Laws. Such safeguards shall include as appropriate, and without limitation, the following: System Security. A system that is owned or operated by Supplier and contains Protected Data (“System”) shall be secured as follows: Supplier shall implement controls reasonably necessary to prevent a breach. The System shall use secure protocols and encryption to safeguard Protected Data in transit. Supplier understands the System may be placed on a public network and shall implement safeguards reasonably necessary to protect its System from compromises and attacks. Supplier will protect the System with firewalls. Supplier shall additionally: Limit administrative access to the System, Limit remote access to the System, Limit account access and privileges to the least necessary for the proper functioning of the System, Remove or disable applications and services that are not necessary for the proper functioning of the System, Use named user accounts and not generic or shared accounts, Use Federated Single Sign On, Kerberos, or other industry compliant services for authentication and authorization, and Enable an appropriate level of auditing and logging for the operating system and applications. The System shall allow the changing of System and user passwords.