Supplier must a. Establish and maintain baseline configurations and inventories of information systems throughout the respective system development life cycles. b. Establish and enforce security configuration settings for information technology products employed in information systems. c. Identify, document and approve any deviations from established configuration settings. d. Review the information system(s) annually, at minimum, to identify unnecessary and/or insecure functions, ports, protocols, and services. e. Disable unnecessary and/or insecure functions, ports, protocols, and services. f. Develop and document an inventory of information system components, including “open source” code incorporated in, or used to derive, any deliverable provided to Verizon, which must be provided to Verizon upon request. g. Maintain policies and procedures addressing security and intellectual property requirements that apply to “open source” code incorporated in or used to derive any deliverable provided to Verizon. h. Establish policies governing the installation of software by users, enforce software installation restrictions, and monitor policy compliance.
Supplier must a. Establish an operational incident handling capability for information systems that includes reasonable preparation, detection, analysis, containment, recovery, and user response activities. b. Periodically, but no less than annually, test the incident handling capability. c. Track, document, and report incidents to appropriate Supplier personnel. d. Notify Verizon of any incident materially affecting systems supporting Verizon services or data, including, but not limited to, any loss, acquisition or use of Verizon Confidential Information without authorization, as follows: i. Supplier must provide notification via electronic mail to: XXXX@xxxxxxx.xxx as soon as practical, but no later than twenty-four (24) hours, following awareness of the security incident. ii. Upon Verizon request, Supplier must provide status updates of the incident mitigation to a point of contact designated by Verizon. iii. Supplier must cooperate with Verizon in its efforts to investigate any security incidents. iv. Upon Verizon request, Supplier must provide a written report which describes the incident, the actions taken by Supplier during the incident response and future actions to prevent a similar incident from reoccuring.
Supplier must a. Have established screening criteria for individuals with access to Verizon systems or data. b. Ensure that upon termination of employment: i. Information system and application access is disabled immediately; ii. Retrieval of all Verizon information and information system related property of the terminated employee (including, but not limited to, mobile phones, tablets, laptops, and security tokens). c. Deploy and manage a mobile device management program for all personnel who use company-issued and or personal devices in their normal course of work with Verizon that provides for technical controls designed to secure Verizon Confidential Information accessed on mobile devices. d. Upon a personnel role transfer: i. Review and confirm ongoing operational need for current logical and physical access; and ii. Make changes to logical and physical access as needed e. Prohibit and take reasonable measures to prevent the use of external personal email accounts, personal websites and social media when handling Verizon Confidential Information.
Supplier must. (i) deliver the Goods or perform Work or Services using due care, skill and diligence;
Supplier must. (i) provide to Port Authority (by assignment or otherwise) all manufacturer’s warranties provided with respect to the Goods or Work or Services (if any); and
Supplier must. (i) retain and provide such records and reports as may be required by Port Authority; and
Supplier must. (a) create, maintain and follow a documented process for limiting access to Sensitive Information to those persons who are authorized to have that access and for the purposes for which they are authorized, which process must include measures to verify the identity of those persons; and
Supplier must. (a) create, maintain and follow a documented process for maintaining the integrity of Information while possessed or accessed by Supplier; and
Supplier must. (i) undertake its own identification and analysis of work health and safety risks associated with the Goods or Services;
Supplier must. (a) observe the Privacy law and any Company privacy protocol provided to Supplier by the Company in respect of all Personal Information;
