Access Control Policy. Supplier shall establish, document, and communicate to Buyer a formal access control policy based on business and security requirements for access. Access control rules shall account for and reflect Supplier's policies for information dissemination and authorization, and these rules shall be supported by formal procedures and clearly defined responsibilities. Access control rules and rights for each user or group of users shall be clearly stated. Access controls are both logical and physical. Users and service providers shall be given a clear statement of the business requirements to be met by access controls. The policy shall be reviewed and updated at least annually.
Appears in 1 contract
Sources: Participation Agreement
Access Control Policy. Supplier shall establish, document, and communicate to Buyer a formal access control policy based on business and security requirements for access. Access control rules shall account for and reflect Supplier's policies for information dissemination and authorization, and these rules shall be supported by formal procedures and clearly defined responsibilities. Access control rules and rights for each user or group of users shall be clearly stated. Access controls are must be both logical and physical. Users and service providers shall be given a clear statement of the business requirements to be met by access controls. The policy shall be reviewed at least annually and updated at least annuallyas needed to ensure accuracy and effectiveness.
Appears in 1 contract
Sources: Participation Agreement