Common use of Audit and Monitoring Clause in Contracts

Audit and Monitoring. The Supplier shall collect audit records which relate to security events in the systems or that would support the analysis of potential and actual compromises. In order to facilitate effective monitoring and forensic readiness such Supplier audit records should (as a minimum) include: Logs to facilitate the identification of the specific asset which makes every outbound request external to the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier). To the extent the design of the Goods and/or Services allows such logs shall include those from DHCP servers, HTTP/HTTPS proxy servers, firewalls and routers. Security events generated in the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) and shall include: privileged account logon and logoff events, the start and termination of remote access sessions, security alerts from desktops and server operating systems and security alerts from third party security software. The Supplier and the Customer shall work together to establish any additional audit and monitoring requirements for the ICT Environment. The Supplier shall retain audit records collected in compliance with this Paragraph 27 for a period of at least 6 months. 12/08/2013 In this Lease Agreement Schedule 8, the following definitions shall apply:

Audit and Monitoring. The Supplier shall collect audit records which relate to security events in the systems or that would support the analysis of potential and actual compromises. In order to facilitate effective monitoring and forensic readiness such Supplier audit records should (as a minimum) include: Logs to facilitate the identification of the specific asset which makes every outbound request external to the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier). To the extent the design of the Goods and/or Services allows such logs shall include those from DHCP servers, HTTP/HTTPS proxy servers, firewalls and routers. Security events generated in the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) and shall include: privileged account logon and logoff events, the start and termination of remote access sessions, security alerts from desktops and server operating systems and security alerts from third party security software. The Supplier and the Customer shall work together to establish any additional audit and monitoring requirements for the ICT Environment. The Supplier shall retain audit records collected in compliance with this Paragraph 27 17 for a period of at least 6 months. 12/08/2013 In this Lease Agreement Schedule 8, the following definitions shall apply:.

Audit and Monitoring. The Supplier shall collect audit records which relate to security events in the systems or that would support the analysis of potential and actual compromises. In order to facilitate effective monitoring and forensic readiness such Supplier audit records should (as a minimum) include: Logs to facilitate the identification of the specific asset which makes every outbound request external to the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier). To the extent the design of the Goods and/or Services allows such logs shall include those from DHCP servers, HTTP/HTTPS proxy servers, firewalls and routers. Security events generated in the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) and shall include: privileged account logon and logoff events, the start and termination of remote access sessions, security alerts from desktops and server operating systems and security alerts from third party security software. The Supplier and the Customer shall work together to establish any additional audit and monitoring requirements for the ICT Environment. The Supplier shall retain audit records collected in compliance with this Paragraph 27 17 for a period of at least 6 months. 12/08/2013 TIS0355 APPENDIX E - SECURITY IG REQUIREMENTS FOR CONFIDENTIAL WASTE V3.0 06.03.20: In this Lease Agreement Call Off Schedule 8, the following definitions shall apply:

Audit and Monitoring. The Supplier shall collect audit records which relate to security events in the systems or that would support the analysis of potential and actual compromises. In order to facilitate effective monitoring and forensic readiness such Supplier audit records should (as a minimum) include: Logs to facilitate the identification of the specific asset which makes every outbound request external to the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier). To the extent the design of the Goods and/or Services allows such logs shall include those from DHCP servers, HTTP/HTTPS proxy servers, firewalls and routers. Security events generated in the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) and shall include: privileged account logon and logoff events, the start and termination of remote access sessions, security alerts from desktops and server operating systems and security alerts from third party security software. The Supplier and the Customer shall work together to establish any additional audit and monitoring requirements for the ICT Environment. The Supplier shall retain audit records collected in compliance with this Paragraph 27 8.22 for a period of at least 6 months. 12/08/2013 In this Lease Agreement Call Off Schedule 8, the following definitions shall apply:

Audit and Monitoring. The Supplier shall collect audit records which relate to security events in the systems or that would support the analysis of potential and actual compromises. In order to facilitate effective monitoring and forensic readiness such Supplier audit records should (as a minimum) include: Logs to facilitate the identification of the specific asset which makes every outbound request external to the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier). To the extent the design of the Goods and/or Services allows such logs shall include those from DHCP servers, HTTP/HTTPS proxy servers, firewalls and routers. Security events generated in the ICT Environment (to the extent that the ICT Environment is within the control of the Supplier) and shall include: privileged account logon and logoff events, the start and termination of remote access sessions, security alerts from desktops and server operating systems and security alerts from third party security software. The Supplier and the Customer shall work together to establish any additional audit and monitoring requirements for the ICT Environment. The Supplier shall retain audit records collected in compliance with this Paragraph 27 8.22 for a period of at least 6 months. 12/08/2013 In this Lease Agreement Schedule 8, the following definitions shall apply: