Access Monitoring.
a) The information-processing systems used by the order processor to carry out the order (client and server systems) are protected by authentication and authorization systems.
b) Identification and authentication information (in particular user names and passwords) associated with access authorization on the information-processing systems used to carry out the order is assigned only to the persons commissioned with carrying out the order, and only to the extent necessary for the respective task.
c) Each grant of access authorization is documented for the duration of the order.
d) All access credentials and identifiers (“Accounts”) are assigned exclusively to individual persons. The use of accounts by several persons (group accounts) is prohibited as a matter of principle.
e) Identification and authentication information is used exclusively by the person to whom it is assigned; a password contained in such information is issued as an initial password and, immediately upon receipt, is changed by the authorized person, in accordance with the requirements set out in this Appendix, to a password known only to the authorized person; any disclosure is prohibited. If unauthorized persons obtain access data, the order processor will immediately report this to the responsible party.
f) Passwords are chosen with sufficient complexity and quality. Sufficient complexity and quality means a length of at least ten (10) characters using three of the following 4 categories (upper- and lowercase letters, digits and special characters), no use of generic terms or personal names, and the inadmissibility of at least the last three (3) passwords used.
g) The order processor will keep authentication data (in particular passwords and cryptographic keys) strictly secret from unauthorized persons, will not store them in plain text, and will use them exclusively in a form encrypted in accordance with this Appendix or as an irreversible cryptographic checksum (in particular when they are stored and when they are transferred over the network).
h) For encryption, the AES algorithm with 256 bits is used; for passwords, hashes of the HMAC algorithm with 512 bits are used.
i) Each handover of hardware to an employee of the Contractor is documented for the duration of the order.
Sources: Data Processing Agreement, Data Processing Agreement