Security Program Requirements. Axcient will maintain a security program that contains organisational, technical, and physical safeguards appropriate to the complexity, nature, and scope of its activities. Axcient’s security program shall be appropriate to the risks that are presented by the processing and designed to protect the security and confidentiality of Customer Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of Customer Data. At a minimum, Axcient’s security program shall include: (a) limiting access of Customer Data to Authorized Persons; (b) managing authentication and access controls of the system components that provide the services, back-up systems, operating systems, storage media and computing equipment (excluding Bring Your Own Device (BYOD) equipment of personnel of Customer, its Affiliates or its contractors); (c) implementing network, application, database, and platform security; (d) means for securing information transmission, storage, and disposal within Axcient’s possession or control; (e) means for encrypting Customer Data stored on media within Axcient’s possession or control by using modern acceptable xxxxxxx and key lengths, including backup media; (f) means for encrypting Customer Data transmitted by Axcient over public or wireless networks by using modern acceptable xxxxxxx and key lengths; and (g) means for keeping firewalls, routers, servers, personal computers, and all other resources current with appropriate security-specific system patches.
Security Program Requirements. Axcient will maintain a security program that contains administrative, technical, and physical safeguards appropriate to the complexity, nature, and scope of its activities. Axcient’s security program shall be designed to protect the security and confidentiality of Customer Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of Customer Data. At a minimum, Axcient’s security program shall include: (a) limiting access of Customer Data to Authorized Persons; (b) managing authentication and access controls of the system components that provide the services, back-up systems, operating systems, storage media and computing equipment (excluding Bring Your Own Device (BYOD) equipment of personnel of Customer, its Affiliates or its contractors); (c) implementing network, application, database, and platform security; (d) means for securing information transmission, storage, and disposal within Axcient’s possession or control; (e) means for encrypting Customer Data stored on media within Axcient’s possession or control by using modern acceptable xxxxxxx and key lengths, including backup media; (f) means for encrypting Customer Data transmitted by Axcient over public or wireless networks by using modern acceptable xxxxxxx and key lengths; and (g) means for keeping firewalls, routers, servers, personal computers, and all other resources current with appropriate security-specific system patches.
Security Program Requirements. MacStadium will maintain a program of physical security that contains administrative, technical, and physical safeguards appropriate to the complexity, nature, and scope of its activities. MacStadium’s physical security program shall be designed to protect the security and confidentiality of Customer Data against unlawful or accidental access to, or unauthorized processing, disclosure, destruction, damage or loss of Customer Data. Customer acknowledges and agrees that, other than physical security, Customer solely controls and is solely responsible for all other aspects of the security of Customer Data.
Security Program Requirements. Service Provider’s written information security program will require that Service Provider apply the same level of security to Personal Data as Service Provider would provide for its own proprietary, sensitive and confidential information. Such program will include, at a minimum, and Service Provider agrees to: (i) implement access controls, including appropriate authentication and credential protocols be maintained as well as limiting access to only authorized representatives who have a need to access in order to carry out their obligations under the Agreement; (ii) safeguard the physical location and infrastructure of any database or record storage area; (iii) safeguard the transmission or transport of any records, including appropriate encryption standards for electronic transmission; (iv) maintain a cyber-incident mitigation strategy, including identify root cause analysis, internal escalations and risk assessment and the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (v) maintain a cyber-incident response plan; (vi) maintain a records retention policy, which ensures secure storage and destruction, in accordance with the requirements of the Agreement or instructions from Customer; (vii) ensure the pseudonymization or encryption of Personal Data where appropriate. Service Provider shall de-identify all Personal Data prior to storing, accessing, or processing Personal Data in environments other than production environments. Duration of access shall be restricted to the minimum time for which access is required. Service Provider shall use safeguards to protect against any compromise, unauthorized access or other damage to Customer’s network and to secure its networks and IT environments associated with the services being provided to Customer.
Security Program Requirements. Without limiting any data security provisions in the Agreement, Representative shall implement and maintain a comprehensive documented information security program based on the NIST Standards contained in Publication 800-115, ISO 27001, or an equivalent standard (“Security Program”) that implements and maintains industry best practices physical, administrative, and technical safeguards which protect the confidentiality, integrity, availability, and security of Brightspeed Data,
