Common use of Access control to data Clause in Contracts

Access control to data. The Supplier shall take reasonable steps to prevent logical access to Data by unauthorized persons by implementing and maintaining suitable measures to prevent unauthorized reading, copying, alteration or removal of the media containing Data, unauthorized input into memory, reading, alteration or deletion of the stored Data. This will be accomplished by the following measures: 3.1. Supplier shall ensure that Data is encrypted in transit using non-deprecated industry standard protocols (e.g. SSH/SCP/SFTPV2, TLSv1.2 or greater). 3.2. Supplier shall ensure an industry standard level of encryption of Data appropriate to the risks that are presented by the processing of Data at rest. Notwithstanding, all backups of Data shall be encrypted on backup media. 3.3. Data may only be downloaded to a Supplier’s PC, laptop, mobile device, or removable storage if hard disk encryption is enabled on that device. 3.4. Ensure periodic encryption key rotation and management. 3.5. Data may never be used in development, testing, and / or staging environments unless the Data are pseudonymized and such use is authorized in writing by Avaya. 3.6. If credit cardholder information is handled, stored, or otherwise processed, the Supplier’s systems must be PCI DSS certified.

Appears in 1 contract

Sources: Technical and Organizational Measures

Access control to data. The Supplier shall take reasonable steps to prevent logical access to Data by unauthorized persons by implementing and maintaining suitable measures to prevent unauthorized reading, copying, alteration or removal of the media containing Data, unauthorized input into memory, reading, alteration or deletion of the stored Data. This will be accomplished by the following measures: 3.1. Maintain a written data classification and handling policy and an inventory of records with classification with physical and electronic location provided. 3.2. Supplier shall ensure that Data is encrypted in transit using non-deprecated industry standard protocols (e.g. SSH/SCP/SFTPV2, TLSv1.2 or greater). 3.3. Supplier shall ensure an industry standard level of encryption of Data appropriate to the risks that are presented by the processing of Data at rest. Notwithstanding, all backups of Data shall be encrypted on backup media. 3.4. Data may only be downloaded to a Supplier’s PC, laptop, mobile device, or removable storage if hard disk encryption is enabled on that device. 3.5. Ensure periodic encryption key rotation and management. 3.6. Data may never be used in development, testing, and / or staging environments unless the Data are pseudonymized and such use is authorized in writing by Avaya. 3.7. If credit cardholder information is handled, stored, or otherwise processed, the Supplier’s systems must be PCI DSS certified.

Appears in 1 contract

Sources: Technical and Organizational Measures

Access control to data. The Supplier shall take reasonable steps to prevent logical access to Data by unauthorized persons by implementing and maintaining suitable measures to prevent unauthorized reading, copying, alteration or removal of the media containing Data, unauthorized input into memory, reading, alteration or deletion of the stored Data. This will be accomplished by the following measures: 3.1. Maintain a written data classification and handling policy and an inventory of records with classification with physical and electronic location provided. 3.2. Supplier shall ensure that Data is encrypted in transit using non-deprecated industry standard protocols (e.g. SSH/SCP/SFTPV2, TLSv1.2 or greater). 3.3. Supplier shall ensure an industry standard level of encryption of Data appropriate to the risks that are presented by the processing of Data at rest. Notwithstanding, all backups of Data shall be encrypted on backup media. 3.4. Data may only be downloaded to a Supplier’s PC, laptop, mobile device, or removable storage if hard disk encryption is enabled on that device. 3.5. Ensure periodic encryption key rotation and management. 3.6. Data may never be used in development, testing, and / or staging environments unless the Data are pseudonymized and such use is authorized in writing by Avaya. 3.7. If credit cardholder information is handled, stored, or otherwise processed, the Supplier’s systems must be PCI DSS certified.

Appears in 1 contract

Sources: Technical and Organizational Measures