Logical Security. All hard drives of TEHTRIS Appliances at the User's premises or in the TEHTRIS datacenter (which are used in servers) are encrypted via FDE (Full Disk Encryption) with keys that are stored off-site in a restricted, protected and encrypted space. All hard drives on TEHTRIS workstations (which are used to remotely administer the TEHTRIS Service) are encrypted via FDE. Workstations with elevated privileges are physically protected and inaccessible outside of business hours. All system authentications are performed by using a crypto-processor in a French branded smart card, with a PIN code typed on an external French branded reader, in order to avoid the threat of eavesdropping on a workstation. All operating systems used in TEHTRIS Appliances at the User's site or in the TEHTRIS Datacenter are protected by secure Linux kernels, modified and compiled by TEHTRIS, with the use of advanced security technologies, including for example: RBAC integration in the kernel with role assignment and security policies for all processes; technologies against overflow attacks; special protections against Data leakage in memory Applications hosted in TEHTRIS Appliances at the User's location or in the TEHTRIS Datacenter, built by TEHTRIS in order to provide the TEHTRIS Service, may use technologies such as obfuscation, encryption and anti- reverse engineering, in order to limit and slow down attempts to recover functionality. All communications related to the TEHTRIS Service are encrypted between TEHTRIS workstations and the TEHTRIS Datacenter. All communications between TEHTRIS Appliances are encrypted including in the TEHTRIS Datacenter. All communications between TEHTRIS employees regarding the Agreement are encrypted (email, instant messaging). TEHTRIS' internal network access security contains scalable modules to combat physical and logical intrusion threats, for example: authentication on the network with 802.1X; technologies against network attacks, such as DHCP attacks, ARP spoofing attacks, IP spoofing attacks, etc. TEHTRIS employees do not have any access to the TEHTRIS internal network from a remote location, as the network behaves like a diode with respect to the Internet. Access to the TEHTRIS datacenter infrastructure is protected by: (i) identity restrictions: strong authentication dedicated to each employee based on physical tokens with French-branded crypto-processors and physical protection; (ii) time restrictions: with limitations on hours and days based on ...
Logical Security. The Vendor shall notify TSP immediately if any Contract Personnel no longer require Access or change role for any reason whatsoever thus enabling TSP to disable or modify the Access rights. The Vendor shall maintain systems which detect and record any attempted damage, amendment or unauthorised access to TSP Information. The Vendor shall, implement agreed as well as generally prevalent security measures across all supplied components and materials including software & Data to ensure safeguard and confidentiality, availability and integrity of TSP Systems and TSP Information. The Vendor shall provide TSP with full documentation in relation to the implementation of logical security in relation to Purpose and shall ensure that it and such security: prevents unauthorised individuals e.g. hackers from gaining Access to TSP Systems; and reduces the risk of misuse of TSP Systems or TSP information, which could potentially cause loss of revenue or service (and its Quality) or reputation, breach of security by those individuals who are Authorised to Access it; and detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained Access and determination of how they obtained it.
Logical Security. The Application and the data it supports are protected by a redundant set of firewalls, which cover all access points from the connected public networks. Internet security policies are in place to enforce maintenance plans and regular security reviews.
Logical Security. Supplier shall follow industry best practices and take the additional precautions below with respect to the logical security of Secure Information in its possession.
Logical Security. 4.3.1 The Vendor shall notify TSP immediately if any Contract Personnel no longer require Access or change role for any reason whatsoever thus enabling TSP to disable or modify the Access rights.
Logical Security. Supplier agrees to safeguard the Property from loss, theft or inadvertent disclosure and, therefore, agrees as appropriate to: • Access to data should be on a need-to-know basis and only permitted via the customer. • Staff are aware of basic Information Security requirements within their organisation and those stipulated by their 3rd parties. • Dependent on the size of the organisation, one or more firewalls should be installed on the boundary of the organisation’s internal network(s). • Each authorised user should authenticate using a unique username and strong password. The login credentials should be managed effectively and provide the minimum level of access to applications, computers, and networks. • Computers should be protected with a malware protection software. • Software running on computers and network devices should be kept up-to-date and have the latest security patches installed. • The organisation should implement Endpoint Detection and Response tools to monitor and alert malicious activity. • Backup copies of information, software and system images should be taken and tested regularly in accordance with your backup policy. • Are aware of basic Information Security requirements in protecting the working environment, computer assets, mobile devices, and confidential data from creation to disposal. ANNEX III AGREED LIST OF SUB-PROCESSORS Name Contact details Place of processing Description of processing Amazon Web Services EMEA SARL, R.C.S. Luxembourg: B186284 38 Avenue Xxxx X. Xxxxxxx L-1855 Luxembourg Ireland Cloud based storage of data Oderland 556680-8746 556680-8746 Sweden Web hotel SUB-APPENDIX 3 TO THE DATA PROCESSING AGREEMENT SELECTED OPTIONS IN MODEL CLAUSES Applicable module(s) of the Model Cluses: Module 2 MODULE 2 Clause of 2021/914 SCCs Selected option Clause 7 Each Party shall have the right to use the docking clause subject to section 11 of this Data Processing Agreement.
Logical Security. In addition, privileged and non-privileged access to systems and network devices are based upon a documented, approved request. Only authorised users can request logical access to the Data Exporter's environments. A periodic verification is performed in accordance with instructions to determine that the owner of a user ID is still employed and assigned to provide services for the entity issuing the user ID in the service delivery centre. Exceptions identified during the verification process are remediated. An annual business need revalidation is performed to determine that access is commensurate with the user’s job function. Exceptions identified during the revalidation process are remediated. User access to the Data Importer's internal network infrastructure is revoked within 24 hours of termination of employment.
Logical Security. Twilio has a dedicated team to ensure they’re on the forefront of compliance and delivery. If the company sees accounts with signs of suspicious activity, it takes immediate action. Twilio continuously scans its applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. It offer two-factor authentication for added protection of their client accounts and encrypt all data in transit using TLS. They also have an independent penetration test conducted on an annual basis. Operational Security.Access to Twilios' systems and data is restricted only to those who need access in order to provide support. Personal security. Twilio also have industry leading personnel management, including: : - Background checks for employees - Signed confidentiality agreements - Termination / access removal processes - Acceptable use agreements. Twilio have earned the SOC 2 Type II certification, based on its rigorous controls to safeguard data. Please read more at xxxxx://xxxxxxxx.xxx/policies/security/ Potential consequences. If a security breach should take place. Supplier consider the potential consequences to be small because there is little personal data processed by the Twilio services . Furthermore, such data is not sensitive.
Logical Security. The Contractor shall establish, using National Institute Standards and Technology (NIST) Special Publications as a guide, secure logical and physical infrastructures for Information Systems (IS) environments including, but not limited to, security plans, risk assessments, access controls, directory services, compliance monitoring, firewalls, intrusion detection/scanning systems, anti-virus tools, privacy data assessment, and PII and other data protection policies. This function includes providing details for security awareness training, personnel security, policy enforcement, incident handling procedures, and separation of duties within an organization. In addition, the Contractor shall recommend and implement current best practices for the widest range of operating systems, database, networks, and application security, taking current best practices, industry standards, and Government regulations and policies into account.
Logical Security a. Any network or workstation computer that contains Transcept materials or information must have the password protection:
