Communications and Operations Management Clause Samples
The Communications and Operations Management clause establishes requirements and procedures for managing and securing an organization's information processing facilities and communication networks. It typically covers aspects such as controlling access to systems, monitoring network activity, and ensuring that operational procedures are documented and followed. By setting these standards, the clause helps prevent unauthorized access, data breaches, and operational disruptions, thereby safeguarding the integrity and availability of information systems.
POPULAR SAMPLE Copied 1 times
Communications and Operations Management a. Network Penetration Testing - State Street will, on approximately an annual basis but in no event less frequently than every eighteen (18) months, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Client Data. If penetration testing reveals material deficiencies or vulnerabilities, the findings will be risk rated consistent with industry standards and timeframes will be defined for remediating vulnerabilities (other than medium or low risk vulnerabilities) consistent with industry standards and taking into account any mitigation efforts taken by State Street with respect to such vulnerabilities
Communications and Operations Management a. Network Penetration Testing - Accounting Agent will, on approximately an annual basis but in no event less frequently than every eighteen (18) months, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing ▇▇▇▇▇▇ Funds Confidential Information. If penetration testing reveals material deficiencies or vulnerabilities, the findings will be risk rated consistent with industry standards and timeframes will be defined for remediating vulnerabilities (other than medium or low risk vulnerabilities) consistent with industry standards and taking into account any mitigation efforts taken by Accounting Agent with respect to such vulnerabilities.
Communications and Operations Management a. Network Penetration Testing - DST shall, on approximately an annual basis, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Fund Data. DST shall have a process to review and evaluate high risk findings resulting from this testing.
Communications and Operations Management a. Network Penetration Testing - Transfer Agent shall, on approximately an annual basis, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Fund Data. Transfer Agent shall have a process to review and evaluate high risk findings resulting from this testing.
Communications and Operations Management. The IT organization manages changes to the corporate infrastructure, systems and applications through a centralized change management program, which may include, testing, business impact analysis and management approval, where appropriate. Incident response procedures exist for security and data protection incidents, which may include incident analysis, containment, response, remediation, reporting and the return to normal operations. To protect against malicious use of assets and malicious software, additional controls may be implemented, based on risk. Such controls may include, but are not limited to, information security practices and standards; restricted access; designated development and test environments; virus detection on servers, desktops and notebooks; virus email attachment scanning; system compliance scans; intrusion prevention monitoring and response; logging and alerting on key events; information handling procedures based on data type, e-commerce application and network security; and system and application vulnerability scanning.
Communications and Operations Management. Protections Against Malicious Code. Service Provider will implement detection, prevention, and recovery controls to protect against malicious software, which is no less than current industry best practice and perform appropriate employee training on the prevention and detection of malicious software. Back-ups. Service Provider will perform appropriate back-ups of Service Provider Information Processing Systems and media containing City Data every business day with end-of-month copy stored for 1-year in order ensuring services and service levels described in this Document. Service Provider maintains a plan for responding to a system emergency or other occurrence (for example, fire, vandalism, system failure and natural disaster) that damages systems that contain Sensitive Information and Internal Information. Media Handling. Service Provider will protect against unauthorized access or misuse of City Data contained on media. Media and Information Disposal. Service Provider will securely and safely dispose of media containing Sensitive Information: Maintaining a secured disposal log that provides an audit trail of disposal activities.
Communications and Operations Management a. Network Penetration Testing - Custodian will, on approximately an annual basis but in no event less frequently than every eighteen (18) months, contract with an independent third party to conduct a network penetration test on its network having access to or holding or containing Fund Confidential Information. If penetration testing reveals material deficiencies or vulnerabilities, the findings will be risk rated consistent with industry standards and timeframes will be defined for remediating vulnerabilities (other than medium or low risk vulnerabilities) consistent with industry standards and taking into account any mitigation efforts taken by Custodian with respect to such vulnerabilities.
Communications and Operations Management. USBFS must implement and maintain controls to prevent and detect unauthorized access, intrusions, computer viruses and other malware on its Information Systems. At a minimum these must include: • Client and server-side antivirus programs that includes the latest antivirus definitions; • A process that would install for production, within 30 days, any critical patches or security updates; • Hardening and configuration requirements meeting industry best practices, and the information security Common Control Framework (CCF), which supports information security compliance efforts at U.S. Bank, N.A. (the “Bank”) by simplifying communication of compliance requirements across numerous external authorities. The information security CCF is a set of 181 harmonized controls that represent the Bank’s information security obligations under FFIEC, PCI, NIST 800-53 rev. 3 and SOX. These controls serve as a foundational component of information security policy by providing the minimum set of external information security obligations that the Bank is required to implement to meet all legal, regulatory and contractual obligations. In addition, CCF establishes the evidence requirements control owners must maintain and produce to demonstrate a CCF control is in place.
Communications and Operations Management. (a) Protections Against Malicious Code. OneStream will implement detection, prevention, and recovery controls designed to protect against Malicious Code, including, but not limited to:
(i) Deploying Malicious Code detection and scanning on all systems commonly affected by Malicious Code (such as workstations and servers);
(ii) Installing security patches according to OneStream’s evaluation of the threat level addressed by such patches; and
(iii) Maintaining a regular security patch process in accordance with industry standards.
Communications and Operations Management. Operational policy Data recovery procedures