Common use of DATA PROTECTION & SECURITY Clause in Contracts

DATA PROTECTION & SECURITY. Suppliers are responsible for data protection, privacy compliance, and security control validation/certification of their subcontractors.
• For data classified as Confidential, Confidential – Internal Use Only or Restricted, data should be encrypted using AES-256 or stronger.
• To protect data integrity, data should be hashed using SHA-256 or stronger.
• All Confidential hard copy data that is no longer required must be shredded by use of a crosscut shredder.
• The print process must be adequately secured to prevent unauthorized disclosure/access.
• Extra precautions must be in place to protect the Confidential Information stored on portable systems or mobile devices. Devices and data must be stored securely when not in use.
• Portable systems with Confidential Information must not transfer data by use of Personal Area Networks.
• Web sites and applications must be backed up in accordance with Business Continuity and Disaster Recovery requirements.
• Supplier must secure all backup media during transportation and in storage.
• Supplier should catalog all media so that a missing storage unit (and which unit it is) shall be easily identified. Supplier should not label media in such a way that it discloses the data it contains or its owner company in a manner that is easily identified by an outsider.
• Supplier should maintain system and application backups that support a total system restore for a 30-day period as a minimum. Backup media must be on separate media from the system.
• Supplier must destroy all Confidential Information within 30 days of termination of Supplier contract. Copies of Confidential Information on system backup media that is co-mingled with other system data are not included.

Appears in 2 contracts

Sources: Data Processing and Security Agreement, Data Processing and Security Agreement

DATA PROTECTION & SECURITY. Suppliers are responsible for data protection, privacy compliance, and security control validation/certification of their subcontractors. 1. For data classified as McAfee Enterprise Confidential, McAfee Enterprise Confidential – Internal Use Only or McAfee Enterprise Restricted, data should be encrypted using AES-128 or stronger. To protect data Integrity, data should be hashed using SHA-256 or stronger. All Confidential hard copy data that is no longer required must be shredded by use of a crosscut shredder. The print process must be adequately secured to prevent unauthorized disclosure/access. Extra precautions must be in place to protect the confidential data stored on portable systems or mobile devices. Devices and data must be stored securely when not in use. Portable systems with confidential data must not transfer data by use of Personal Area Networks. Web sites and applications must be backed up in accordance with Business Continuity and Disaster Recovery requirements. Supplier must secure all backup media during transportation and in storage. Supplier should catalog all media so that a missing storage unit (and which unit it is) shall be easily identified. Supplier should not label media in such a way that it discloses the data it contains or its owner company in a manner that is easily identified by an outsider. Supplier should maintain system and application backups that support a total system restore for a 30-day period as a minimum. Backup media must be on separate media from the system. Supplier must destroy all confidential data within 30 days of termination of Supplier contract. Copies of Data on system backup media that is co-mingled with other system data are not included.

Appears in 1 contract

Sources: Data Processing and Security Agreement