Access by Individuals. Illumina shall limit access to Customer Data to Illumina’s Workforce who need access to Customer Data for purposes of performing the Services. Illumina shall implement role-based access controls designed to permit user access to Customer Data which are necessary to accomplish assigned tasks on behalf of Customer. i. Each user who has access to Customer Data and systems and equipment that host Customer Data (“User”) shall have a unique identifier. ii. Users shall be authenticated by one of the following methods: unique token, card key, biometric reader, or individual password. Users shall be advised that their unique identifier and authentication tool (e.g. password) shall not be shared with others. iii. Where password authentication is employed to authenticate Users, Illumina shall: 1. prohibit guest accounts; 2. instruct Users not to write down passwords or store them on hard copy or locally on devices; 3. periodically review User accounts and inactivate them when access is no longer required; 4. implement inactivity time-outs, where technically feasible, for User devices that access Customer Data; and 5. implement automatic logoffs for Illumina systems and equipment that process Customer Data. iv. Illumina shall implement policies and procedures that state that Users are only permitted access to Customer Data they have a business need to access.
Appears in 2 contracts